nokogiri-1.13.9 in v4.4.2 has vulnerability (CVE-2022-23476)
paragsn opened this issue
I can see the Gemfile in the master branch has updated the version of nokogiri.
Is there any plan for a new release?
Isn't it v4.4.2?
We are planning a new release.
Please wait a little longer for scheduled dates, etc.
CVE-2022-23476 does not affect Fluentd.
in_windows_eventlog2 uses Nokogiri with render_as_xml true, but it reads only XML formatted by Windows.
So, it is unlikely that it could be affected by this vulnerability by loading invalid XML.
Thank you for the response. Yes, I wanted to highlight this for the latest version, v4.4.2.
We released td-agent v5; the bundled nokogiri is updated to 1.14.3.
https://github.com/fluent/fluent-package-builder/releases/tag/v4.5.0