Address critical vulnerability CVE-2022-28948 #177

Closed
schmigware opened this issue Oct 20, 2022 · 4 comments
Labels
bug Something isn't working

Comments

@schmigware

schmigware commented Oct 20, 2022

Describe the bug
Latest koanf version is vulnerable to CVE-2022-28948

Expected behavior
Update Go YAML dependency version to v3.0.1

Additional context
I'd open a PR myself but am having issues with GitHub PAT from CLI.
Appreciate if this could be addressed, should just be a case of running:

go get -u gopkg.in/yaml.v3@v3.0.1
go mod tidy
go test

Many thanks.
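
A check a consumer could run after the bump, as an added example (not code from koanf or from this thread): it reads the `gopkg.in/yaml.v3` requirement out of go.mod text and compares it with the v3.0.1 the issue asks for. The go.mod fragment and its pseudo-version are constructed, `requiredVersion` and `meetsFloor` are hypothetical helper names, and `replace` directives are not followed.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample go.mod fragment; the pseudo-version is made up for illustration.
const sampleGoMod = `require (
	gopkg.in/yaml.v3 v3.0.0-20200101000000-000000000000 // indirect
)`

// requiredVersion returns the version go.mod text requires for module, or "" if none.
func requiredVersion(goMod, module string) string {
	block := ""
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0] // entering "require (", "exclude (", "replace ("
		case len(f) == 1 && f[0] == ")":
			block = ""
		case len(f) == 3 && f[0] == "require" && f[1] == module,
			block == "require" && len(f) == 2 && f[0] == module:
			return f[len(f)-1]
		}
	}
	return ""
}

// meetsFloor reports version >= floor; a pre-release or pseudo-version (vX.Y.Z-...) sorts below vX.Y.Z.
func meetsFloor(version string, floor [3]int) bool {
	var v [3]int
	core, _, pre := strings.Cut(strings.SplitN(version, "+", 2)[0], "-")
	if _, err := fmt.Sscanf(core, "v%d.%d.%d", &v[0], &v[1], &v[2]); err != nil {
		return false // missing or malformed version: report it as below the floor
	}
	for i := range v {
		if v[i] != floor[i] {
			return v[i] > floor[i]
		}
	}
	return !pre
}

func main() {
	v := requiredVersion(sampleGoMod, "gopkg.in/yaml.v3")
	fmt.Println(v, "meets v3.0.1:", meetsFloor(v, [3]int{3, 0, 1}))
}
```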

schmigware added the bug label Oct 20, 2022
knadh closed this as completed in d941f60 Oct 20, 2022
@knadh
Owner

knadh commented Oct 20, 2022

Thank you for reporting this.

@schmigware
Author

No problem @knadh, do you think it would be possible to release a new version so we can update our dependency?

@knadh
Owner

knadh commented Oct 21, 2022

I'd already pushed v1.4.4 yesterday. Just made a GitHub release also: https://github.com/knadh/koanf/releases/tag/v1.4.4

@schmigware
Author

Many thanks @knadh
