-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to go 1.21.2+ #422
Comments
Our scanner also complained https://nvd.nist.gov/vuln/detail/CVE-2023-44487 due to go 1.21.1 Apart from go, there is also grpc version that needs to be upgraded: GHSA-m425-mq94-257g |
Same, Critical issue with: GHSA-m425-mq94-257g |
will this be fixed in a new version? what's the timeline? |
There's no threat model for either of these vulns for gRPCurl. So we have no urgency to address them. |
I am not raising another issue because I found this open one. Even in our case we are getting security vuln due the below CVE-ids which require upgrade to golang version 1.21.2+ CVE-2023-39323 |
Hi,
Do you have plan to upgrade the golang version to 1.21.2+ (currently the grpcurl 1.8.9 is built on top of golang 1.21.1)? In our security scanning, we get a Critical issue in 1.21.1 (CVE-2023-39323)
Thanks
The text was updated successfully, but these errors were encountered: