Upgrade gopkg.in/macaron.v1 to v1.3.7 (or above) #25856

simonpasquier · 2020-06-26T08:02:13Z

gopkg.in/macaron.v1 prior v1.3.7 is affected by CVE-2020-12666:

go-macaron/macaron#199
go-macaron/macaron#198

Though Grafana doesn't use the macaron.StaticHandler method currently, it would be nice to bump to a version including the fix in case future versions of Grafana make use of the method.

The text was updated successfully, but these errors were encountered:

aknuds1 · 2020-06-26T11:39:15Z

Thanks for the report, will look into this.

aknuds1 · 2020-07-08T07:49:01Z

This is fixed!

aknuds1 self-assigned this Jun 26, 2020

aknuds1 added the type/chore label Jun 26, 2020

aknuds1 added this to To do in Backend Platform Squad Jun 26, 2020

aknuds1 mentioned this issue Jun 26, 2020

Chore: Upgrade macaron #25869

Merged

aknuds1 moved this from To do to Under review in Backend Platform Squad Jun 29, 2020

aknuds1 closed this as completed Jul 8, 2020

Backend Platform Squad automation moved this from Under review to Done Jul 8, 2020

marefr added this to the 7.1-beta1 milestone Sep 10, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade gopkg.in/macaron.v1 to v1.3.7 (or above) #25856

Upgrade gopkg.in/macaron.v1 to v1.3.7 (or above) #25856

simonpasquier commented Jun 26, 2020

aknuds1 commented Jun 26, 2020

aknuds1 commented Jul 8, 2020

Upgrade gopkg.in/macaron.v1 to v1.3.7 (or above) #25856

Upgrade gopkg.in/macaron.v1 to v1.3.7 (or above) #25856

Comments

simonpasquier commented Jun 26, 2020

aknuds1 commented Jun 26, 2020

aknuds1 commented Jul 8, 2020