New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please release upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0 #7092
Labels
Type: Meta
Github repo, process, etc
Comments
edcrewe
changed the title
Please upgrade to security fixed protobuf v1.33.0 (and ideally more recent go version)
Please upgrade to security fixed protobuf v1.33.0 (plus more recent go version)
Apr 4, 2024
edcrewe
changed the title
Please upgrade to security fixed protobuf v1.33.0 (plus more recent go version)
Please upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
Apr 4, 2024
edcrewe
changed the title
Please upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
Apr 4, 2024
edcrewe
changed the title
upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
Please release upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
Apr 4, 2024
Sorry we realized you have already done this work, it is just waiting for a new release version for the changes at https://github.com/grpc/grpc-go/blob/master/cmd/protoc-gen-go-grpc/main.go |
I'd like to wait on #7057 before doing the next release if possible, which might be a couple weeks. |
This was referenced Apr 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please upgrade go.mod
See https://github.com/grpc/grpc-go/blob/cmd/protoc-gen-go-grpc/v1.3.0/cmd/protoc-gen-go-grpc/go.mod
Security issue with
require google.golang.org/protobuf v1.28.1
google.golang.org/protobuf │ CVE-2024-24786 │ MEDIUM │ fixed │ v1.28.1 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │
infinite loop in protojson.Unmarshal when unmarshaling certain forms of... https://avd.aquasec.com/nvd/cve-2024-24786
upgrade to
require google.golang.org/protobuf v1.33.0
(ideally upgrade to a more recent go version than 1.17 whilst you are at it!)
The text was updated successfully, but these errors were encountered: