Please upgrade Go runtime (>= 1.20.7) to fix security vulnerabilities

Question

Please upgrade Go runtime (>= 1.20.7) to fix security vulnerabilities

jhauglid opened this issue a year ago · comments

The currently used version of the Go runtime (1.20.5) have several high severity security vulnerabilities that can be detected by scanners such as the Google Artifact Registry scanner.

Here's a list of issues:
https://nvd.nist.gov/vuln/detail/CVE-2023-39533
https://nvd.nist.gov/vuln/detail/CVE-2023-29409
https://nvd.nist.gov/vuln/detail/CVE-2023-29406

All of these have been fixed in 1.20.7
Please consider upgrading.

Prince Kumar · Answer 1 · Mon Aug 21 2023 23:51:58 GMT+0800 (China Standard Time)

Thanks @jhauglid for suggestion!

We will upgrade the go runtime to the latest one (1.21.0).

Nitin Garg · Answer 2 · Wed Aug 23 2023 12:41:32 GMT+0800 (China Standard Time)

This will be included in our Sept 2023 release.

Nitin Garg · Answer 3 · Thu Sep 14 2023 23:07:05 GMT+0800 (China Standard Time)

This has been merged into the master branch and will be released on Sept 25, 2023.

Nitin Garg · Answer 4 · Wed Sep 27 2023 11:18:24 GMT+0800 (China Standard Time)

@jhauglid ping.

This has been released in GCSFuse release version 1.2.0 .