Please release upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0 #7092
Assignees
Labels
Type: Meta
Github repo, process, etc
Comments
edcrewe
changed the title
edcrewe
changed the title
edcrewe
changed the title
edcrewe
changed the title
|
Sorry we realized you have already done this work, it is just waiting for a new release version for the changes at https://github.com/grpc/grpc-go/blob/master/cmd/protoc-gen-go-grpc/main.go |
|
I'd like to wait on #7057 before doing the next release if possible, which might be a couple weeks. |
This was referenced Apr 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please upgrade go.mod
See https://github.com/grpc/grpc-go/blob/cmd/protoc-gen-go-grpc/v1.3.0/cmd/protoc-gen-go-grpc/go.mod
Security issue with
require google.golang.org/protobuf v1.28.1
google.golang.org/protobuf │ CVE-2024-24786 │ MEDIUM │ fixed │ v1.28.1 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │
infinite loop in protojson.Unmarshal when unmarshaling certain forms of... https://avd.aquasec.com/nvd/cve-2024-24786
upgrade to
require google.golang.org/protobuf v1.33.0
(ideally upgrade to a more recent go version than 1.17 whilst you are at it!)
The text was updated successfully, but these errors were encountered: