CVE-2022-27664 Vulnerability
breneckd opened this issue
Vulnerability is said to be resolved in 1.18.6. Currently the build uses 1.18.5.
If you could rerun the build to resolve this issue.
Would it be worth creating a scheduled gha that rebuilds the image either with latest tag or <version>-latest? That way we don't override the existing tag and also provide latest option of underlying dependencies.
You can build from source to avoid encountering this in future, e.g.:
GOOS=linux GOARCH=amd64 GOBIN="${GITHUB_WORKSPACE}/build" CGO_ENABLED=0 go install -tags=netgo -ldflags '-w' github.com/grpc-ecosystem/grpc-health-probe@latest
(This won't work with cross compiling)
I understand that it is possible to just build the executable with the latest version of Go. However, we do not have Go build environments on our systems and therefore I would appreciate it if you could provide a new binary release. Thanks.
I'm not the owner of this repo nor do I have any permissions on it.
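Whether a given binary, downloaded or rebuilt as discussed in the thread, was compiled with a fixed toolchain can be checked from the Go version embedded in it. The following is an added example, not code from this repository or from any participant; the `patchedIn` table and the function names are assumptions of the example, and only the 1.18.6 threshold comes from the issue.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// patchedIn maps a Go release line to the first patch release carrying the fix.
// Only the 1.18 entry is taken from the issue; other lines are reported as "unknown".
var patchedIn = map[string]int{"1.18": 6}

// classify returns "patched", "vulnerable" or "unknown" for a toolchain
// string such as "go1.18.5" (the format stored in Go binaries).
func classify(goVersion string) string {
	var major, minor, patch int
	// A missing patch component ("go1.18") leaves patch at 0.
	n, _ := fmt.Sscanf(goVersion, "go%d.%d.%d", &major, &minor, &patch)
	if n < 2 {
		return "unknown" // e.g. "devel ..." toolchains
	}
	first, ok := patchedIn[fmt.Sprintf("%d.%d", major, minor)]
	if !ok {
		return "unknown"
	}
	if patch >= first {
		return "patched"
	}
	return "vulnerable"
}

// checkBinary reads the toolchain version embedded in a compiled Go binary.
func checkBinary(path string) (version, status string, err error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", "", err
	}
	return info.GoVersion, classify(info.GoVersion), nil
}

func main() {
	for _, p := range os.Args[1:] {
		version, status, err := checkBinary(p)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", p, err)
			continue
		}
		fmt.Printf("%s: built with %s: %s\n", p, version, status)
	}
}
```

Pass one or more binary paths as arguments; a result of "unknown" means the release line has no entry in `patchedIn` and needs a manual check against the Go security announcement.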