Comments (4)
@sseide these are all fixed already in master.
Will cut a new release later today.
from remco.
Hello,
We also are being challenged on our use of this tool, as the current version of golang is subject of many vulnerabilities, some of these include:
CVE-2022-41716
CVE-2022-32190
CVE-2022-38149
CVE-2022-32149
Is there an update path to provide a newer version with updated dependencies?
from remco.
Sorry for the delay. I will create a new Release once Go 1.20.5 is released next week.
from remco.
Yes - and current release has following problems too - parts are already fixed with current master.
Might be fixed with GoLang update too (i have not checked)
- golang.org/x/net GHSA-69cg-p879-7622
- golang.org/x/crypto GHSA-8c26-wmh5-6g9v
- golang.org/x/sys/unix GHSA-p782-xgp4-8hr8
- github.com/prometheus/client_golang GHSA-cg3q-j54f-5p7p (master fixed)
- golang.org/x/net GHSA-vvpx-j8f3-3w6h (master fixed)
from remco.
Related Issues (20)
- way to run in nodeamon mode HOT 1
- use only 1 key to watch HOT 2
- The key don't start with "/" can not find by remco HOT 1
- Support for render template with folder or patterns? HOT 1
- get keys from etcd and loop through HOT 1
- Strange metrics from prometheus sink HOT 6
- Minimal example for include_dir? HOT 1
- Allow "onetime" to be forced from command line or allow only specific backends (or both) HOT 3
- I've gotten most of the setup working with vault but the connection doesn't auto renew the token HOT 3
- Medium security issues in dependencies HOT 5
- please publish prebuilt binaries too for 0.12.2
- changelog HOT 1
- New version release and updated documentation HOT 1
- `gets` template function not working with `default_backends.env` HOT 4
- Remco not reading JSON secret from Vault HOT 4
- Support the use of the `$` character in the config file
- Basic authentication for ETCD backend HOT 1
- Please add support for getting the current ETCD cluster revision number
- Required permissions for watching keys on authorization enabled ETCD cluster HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from remco.