Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement]: CRITICAL Vulnerability in stdlib related to net/netip #35142

Closed
1 task done
A-Jatin opened this issue Jul 31, 2024 · 6 comments
Closed
1 task done

[Enhancement]: CRITICAL Vulnerability in stdlib related to net/netip #35142

A-Jatin opened this issue Jul 31, 2024 · 6 comments
Assignees
@haorenfsa
Labels
kind/enhancement Issues or changes related to enhancement stale indicates no udpates for 30 days

Comments

@A-Jatin
Copy link

A-Jatin commented Jul 31, 2024

Is there an existing issue for this?

  • I have searched the existing issues

What would you like to be added?

I was testing for vulnerabilities before deploying milvus in our environment and found a critical issue(see image below)

However this issue is fixed with latest version of stdlib but milvus doesnt support that currently. Can we please have an update for this to resolve this vulnerability?
image

Why is this needed?

To deploy milvus without any CRITICAL vulnerabilities.

Anything else?

Using Trivy - https://github.com/aquasecurity/trivy for vulnerability scan of the container.
@A-Jatin A-Jatin added the kind/enhancement Issues or changes related to enhancement label Jul 31, 2024
@xiaofan-luan
Copy link
Collaborator

@shaoting-huang
seems that we need 1.21.11 for 2.4

This was referenced Aug 5, 2024
Merged
Merged
sre-ci-robot pushed a commit that referenced this issue Aug 5, 2024
@shaoting-huang
enhance: upgrade go version to 1.21.11 (#35257)
d8668fe 
issue: #35142

Signed-off-by: shaoting-huang <[email protected]>
sre-ci-robot pushed a commit that referenced this issue Aug 5, 2024
@shaoting-huang
enhance: upgrade go version to 1.21.11 (#35258)
595aeae 
issue: #35142

related pr in master: #35257

Signed-off-by: shaoting-huang <[email protected]>
sumitd2 pushed a commit to sumitd2/milvus that referenced this issue Aug 6, 2024
@shaoting-huang @sumitd2
enhance: upgrade go version to 1.21.11 (milvus-io#35257)
943152d 
issue: milvus-io#35142

Signed-off-by: shaoting-huang <[email protected]>
Signed-off-by: Sumit Dubey <[email protected]>
@A-Jatin
Copy link
Author

A-Jatin commented Aug 9, 2024
edited
Loading

this is still causing the issue - milvusdb/milvus-config-tool v0.3.0
image

@xiaofan-luan
Copy link
Collaborator

@zwd1208
can you please help on fix the CVE

@zwd1208
Copy link

zwd1208 commented Aug 9, 2024

ok, @haorenfsa will fix it soon.

@haorenfsa
Copy link
Contributor

/assign

This was referenced Aug 15, 2024
Merged
Merged
@stale Stale
Copy link

stale bot commented Sep 10, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.

@stale stale bot added the stale indicates no udpates for 30 days label Sep 10, 2024
@stale stale bot closed this as completed Sep 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haorenfsa haorenfsa

Labels
kind/enhancement Issues or changes related to enhancement stale indicates no udpates for 30 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zwd1208 @haorenfsa @A-Jatin @xiaofan-luan