Please upgrade Go runtime (>= 1.21.1) to fix security vulnerabilities
jhauglid opened this issue · comments
The currently used version of the Go runtime (1.21.0) has several high severity security vulnerabilities that can be detected by scanners such as the Google Artifact Registry scanner.
Here's a list of issues:
https://nvd.nist.gov/vuln/detail/CVE-2023-39318
https://nvd.nist.gov/vuln/detail/CVE-2023-39319
https://nvd.nist.gov/vuln/detail/CVE-2023-39320
https://nvd.nist.gov/vuln/detail/CVE-2023-39321
https://nvd.nist.gov/vuln/detail/CVE-2023-39322
All of these have been fixed in 1.21.1.
Please consider upgrading.
Thanks @jhauglid for raising this! We will take this as part of the next release.
We have upgraded the go-lang version. This will be reflected in the next release (planned on 23rd Oct). Closing this issue.
The October release has now been postponed to an early Nov 2023 release instead (planned on Nov 6, 2023) to include some critical improvements.
@jhauglid Please let us know if there is a cause for concern.
Closing this as its code is already in oct_2023_release branch and this issue is also labeled as 'next_release'.