Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump gopkg.in/yaml.v2 to 2.2.4 #1517

Closed
kayrus opened this issue Oct 17, 2019 · 1 comment
Closed

Bump gopkg.in/yaml.v2 to 2.2.4 #1517

kayrus opened this issue Oct 17, 2019 · 1 comment
Labels
kind/bug Bug

Comments

@kayrus
Copy link
Contributor

kayrus commented Oct 17, 2019

In order to avoid an ability of DoS attacks, the yaml package version has to be bumped. go-yaml/yaml#515
@kayrus kayrus added the kind/bug Bug label Oct 17, 2019
@rfranzke
Copy link
Member

You're right... thanks.

rfranzke added a commit that referenced this issue Oct 17, 2019
@rfranzke
Vendor gopkg.in/yaml.v2 version v2.2.4
2b4383e 
Fixes #1517

```noteworthy user
The `gopkg.in/yaml.v2` library is updated to version `v2.2.4` to mitigate CVE-2019-11253.
```
petersutter added a commit to gardener/terminal-controller-manager that referenced this issue Oct 17, 2019
@petersutter
bump gopkg.in/yaml.v2 v2.2.4
567590b 
bump go 1.13.1

see gardener/gardener#1517
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kayrus @rfranzke