DXE-4198 Create new release with Go >= 1.22.7 #578

Open
muffl0n opened this issue Sep 13, 2024 · 5 comments
@muffl0n

muffl0n commented Sep 13, 2024

Grype is finding these CVEs because of the outdated Go version used:

NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
stdlib  go1.21.12            go-module  CVE-2024-34158  High      
stdlib  go1.21.12            go-module  CVE-2024-34156  High      
stdlib  go1.21.12            go-module  CVE-2024-34155  Unknown

Could you please release a new provider version with an updated Go version?

Thank you!

@ckulinsk ckulinsk changed the title Create new release with Go >= 1.22.7 DXE-4052 Create new release with Go >= 1.22.7 Sep 13, 2024
@ckulinsk
Contributor

Hello @muffl0n

Thank you for raising this topic. We will schedule this update and come back to you when it is ready.

Best regards,
Cyryl

@lkowalsk-akamai-com
Contributor

Hi @muffl0n
With the recent release, there is a new version of the Terraform provider that has an updated 1.21 version that fixes the mentioned vulnerabilities.

@muffl0n
Author

muffl0n commented Sep 27, 2024

Hi @lkowalsk-akamai-com, is there a planned date for the new release?

@muffl0n
Author

muffl0n commented Nov 19, 2024

Release 6.5.0 still contains these vulnerabilities. Could you please release a new version? Thanks!

-> % grype .terraform/providers/registry.opentofu.org/akamai/akamai/6.5.0/darwin_arm64/terraform-provider-akamai_v6.5.0

 ✔ Indexed file system                                               /Users/svs/IdeaProjects/gitlab.com/ndrde/code/tagesschau/akamai/property-manager/images.tagesschau.de/.terraform/providers/registry.opentofu.org/akamai/akamai/6.5.0/darwin_arm64
 ✔ Cataloged contents                                                                                                                                                                 208e81568e690eb5ffb6897a72b9447601d65b19d5045860c0320c64736dfaeb
   ├── ✔ Packages                        [66 packages]  
   ├── ✔ File digests                    [1 files]  
   ├── ✔ File metadata                   [1 locations]  
   └── ✔ Executables                     [1 executables]  
 ✔ Scanned for vulnerabilities     [3 vulnerability matches]  
   ├── by severity: 0 critical, 2 high, 1 medium, 0 low, 0 negligible
   └── by status:   3 fixed, 0 not-fixed, 0 ignored 
NAME    INSTALLED  FIXED-IN        TYPE       VULNERABILITY   SEVERITY 
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34158  High      
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34156  High      
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34155  Medium
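
Added example, not part of the thread or the provider's code: a Go check that reads the toolchain version embedded in a built binary with `debug/buildinfo` and compares it against the FIXED-IN releases from the Grype output above (1.22.7, 1.23.1). The function names are this example's own, and it assumes that minor lines newer than 1.23 already carry the fixes.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// fixedPatch maps a Go 1.x minor line to the first patch release that Grype
// lists under FIXED-IN in the thread (1.22.7 and 1.23.1).
var fixedPatch = map[int]int{22: 7, 23: 1}

// parseGo extracts minor and patch from a toolchain string like "go1.21.12".
// A missing or non-numeric patch ("go1.23", "go1.23rc1") is treated as 0.
func parseGo(v string) (minor, patch int, err error) {
	n, _ := fmt.Sscanf(v, "go1.%d.%d", &minor, &patch)
	if n == 0 {
		return 0, 0, fmt.Errorf("unrecognized Go version %q", v)
	}
	return minor, patch, nil
}

// isPatched reports whether the toolchain is at or past the fixed release of
// its minor line. Lines older than 1.22 have no fixed release listed.
func isPatched(goVersion string) (bool, error) {
	minor, patch, err := parseGo(goVersion)
	if err != nil || minor > 23 { // assumption: lines after 1.23 are fixed
		return err == nil, err
	}
	need, ok := fixedPatch[minor]
	return ok && patch >= need, nil
}

// checkBinary reads the toolchain version the linker embedded in a Go binary.
func checkBinary(path string) (string, bool, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", false, err
	}
	ok, err := isPatched(info.GoVersion)
	return info.GoVersion, ok, err
}

func main() {
	for _, path := range os.Args[1:] {
		v, ok, err := checkBinary(path)
		fmt.Printf("%s: go=%q patched=%v err=%v\n", path, v, ok, err)
	}
}
```

Run it with the provider binary path as the argument; for the `go1.21.12` build shown in the scan it reports `patched=false`.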

@lkowalsk-akamai-com
Contributor

Thank you for bringing that back up. We are already working on an update to use 1.22.x. This work will be included in one of the coming releases. I will reopen this ticket for tracking purposes.

@lkowalsk-akamai-com lkowalsk-akamai-com changed the title DXE-4052 Create new release with Go >= 1.22.7 DXE-4198 Create new release with Go >= 1.22.7 Nov 20, 2024