Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: CVE-2023-45288 golang.org/x/net #23023

Closed
karatkep opened this issue Jun 28, 2024 · 1 comment
Closed

[Bug]: CVE-2023-45288 golang.org/x/net #23023

karatkep opened this issue Jun 28, 2024 · 1 comment
Labels
kind/bug Outline of a bug - must adhere to the bug report template. status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github.

Comments

@karatkep
Copy link

Describe the bug

che-operator:7.87.0 and configbump:7.87.0 have CVE-2023-45288 vulnerability.

Please update (if possible) golang.org/x/net to v0.23.0

Che version

7.87@latest

Steps to reproduce

Check https://artifacthub.io/packages/helm/eclipse-che/eclipse-che?modal=security-report

Expected behavior

Do not have CVE-2023-45288:
https://artifacthub.io/packages/helm/eclipse-che/eclipse-che?modal=security-report

Runtime

Kubernetes (vanilla)

Screenshots

image

Installation method

chectl/latest

Environment

Linux

Eclipse Che Logs

No response

Additional context

No response
@karatkep karatkep added the kind/bug Outline of a bug - must adhere to the bug report template. label Jun 28, 2024
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jun 28, 2024
@karatkep
Copy link
Author

oh, I see it's already in place: https://github.com/eclipse-che/che-operator/blob/f5d60a0ee67a530c4723c52365a85def5c6708a7/go.mod#L17 and
https://github.com/che-incubator/configbump/blob/8d6e63f2f093bd38e5303484a1a7b898d669411a/go.mod#L44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Outline of a bug - must adhere to the bug report template. status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@che-bot @karatkep