Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[influxdb/2.7] upgrade to Go 1.22.5/1.21.12 to address upstream CVE #25190

Closed
orgads opened this issue Jul 24, 2024 · 2 comments
Closed

[influxdb/2.7] upgrade to Go 1.22.5/1.21.12 to address upstream CVE #25190

orgads opened this issue Jul 24, 2024 · 2 comments
Labels
security/medium security

Comments

@orgads
Copy link

orgads commented Jul 24, 2024

Go has a critical vulnerability CVE-2024-24790 (GO-2024-2887) in the version that was used for building InfluxDB.

Please update it ASAP. I already pushed a PR:
@jdstrand
Copy link
Contributor

Thank you for the report. influxd isn't using these directly but does use them via dependencies/stdlib functions. This isn't a critical vulnerability in the context of influxd based on current information, but we do want to get this fixed. Thanks again for the report.

@davidby-influx
Copy link
Contributor

Closed in the 2.7 branch by by #25177

@orgads orgads mentioned this issue Jul 28, 2024
Closed
@jdstrand jdstrand changed the title Critical vulnerability in go (CVE-2024-24790) [influxdb/2.7] upgrade to Go 1.22.5/1.21.12 to address upstream CVE Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security/medium security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@orgads @jdstrand @davidby-influx