Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does v1.26.5 have fix for CVE-2023-24538? #1091

Closed
bbeggs-ibm opened this issue May 1, 2023 · 2 comments
Closed

Does v1.26.5 have fix for CVE-2023-24538? #1091

bbeggs-ibm opened this issue May 1, 2023 · 2 comments
Labels
area/dependency Issues or PRs related to dependency changes

Comments

@bbeggs-ibm
Copy link

would go upgrade to 1.19 by @jcho02 in #1029 in https://github.com/operator-framework/operator-registry/releases/tag/v1.26.3 fix CVE-2023-24538 which requires go upgrade to 1.19.8 minimum.

We upgraded to https://github.com/operator-framework/operator-registry/releases/tag/v1.26.5, but the build failed due to this issue #1086. All we have is a power 8 machine. Though we are working on getting a later machine.

@grokspawn
Copy link
Contributor

I can't speak to that version because all the logs have been garbage collected for those runs and our goreleaser config just asks for 1.19, but recent goreleaser runs are using 1.19.9 so when we cut the next release this will be resolved.

@grokspawn grokspawn added the area/dependency Issues or PRs related to dependency changes label Jun 9, 2023
@grokspawn
Copy link
Contributor

Verified that v1.28.0 is using 1.19.9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/dependency Issues or PRs related to dependency changes
Projects
None yet
Development

No branches or pull requests

2 participants