Affected by CVE-2023-39323 and CVE-2023-39320?
brasstax opened this issue · comments
Hi gcsfuse maintainers,
it looks like this is running go v1.21.0. There are two critical CVEs against this, fixed in v1.21.2:
Do you know if gcsfuse is affected by this, and is it possible to bump the go version to v1.21.2?
Thank you,
brasstax
Hi @ashmeenkaur,
Thanks for addressing this. Would it be okay to leave this ticket open until the next release?
Thank you,
brasstax
Hi @brasstax,
Thank you for your feedback. We would be happy to keep this ticket open until the next release. Once the change is released, we will update you here.
Thanks,
Ashmeen
GCSFuse v1.2.1 is released with Golang v1.21.3.