You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Could you please update the golang.org/x/net version to 0.23.0, and then release a new version of aws-iam-authenticator after that? Due to security vulnerabilities found from the latest 0.6.14 version.
Why is this needed?
Security scan results from a Docker image that uses the latest 0.6.14 version of aws-iam-authenticator have highlighted the CVE-2023-45288 vulnerability in the golang.org/x/net dependency, and the CVE-2024-24786 vulnerability in the google.golang.org/protobuf dependency. (I think the google.golang.org/protobuf version pinned in the code is up-to-date enough, but the latest released version of aws-iam-authenticator is not using this yet.)
Anything else we need to know?
No response
The text was updated successfully, but these errors were encountered:
What would you like to be added?
Could you please update the golang.org/x/net version to 0.23.0, and then release a new version of aws-iam-authenticator after that? Due to security vulnerabilities found from the latest 0.6.14 version.
Why is this needed?
Security scan results from a Docker image that uses the latest 0.6.14 version of
aws-iam-authenticator
have highlighted the CVE-2023-45288 vulnerability in thegolang.org/x/net
dependency, and the CVE-2024-24786 vulnerability in thegoogle.golang.org/protobuf
dependency. (I think the google.golang.org/protobuf version pinned in the code is up-to-date enough, but the latest released version of aws-iam-authenticator is not using this yet.)Anything else we need to know?
No response
The text was updated successfully, but these errors were encountered: