Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2022-27191 #5479

Merged
merged 1 commit into from
Oct 24, 2022
Merged

Fix CVE-2022-27191 #5479

merged 1 commit into from
Oct 24, 2022

Conversation

qiuming-best
Copy link
Contributor

https://nvd.nist.gov/vuln/detail/CVE-2022-27191
updates to:

  • golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd adds:
  • golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2

Signed-off-by: Wesley Hayutin [email protected]

Thank you for contributing to Velero!

Please add a summary of your change

Does your change fix a particular issue?

Fixes #(issue)

Please indicate you've done the following:

  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Created a changelog file or added /kind changelog-not-required as a comment on this pull request.
  • Updated the corresponding documentation in site/content/docs/main.

@github-actions github-actions bot requested review from sseago and ywk253100 October 24, 2022 09:35
@github-actions github-actions bot added the Dependencies Pull requests that update a dependency file label Oct 24, 2022
@qiuming-best
Copy link
Contributor Author

/kind changelog-not-required

@github-actions github-actions bot added the kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes label Oct 24, 2022
@qiuming-best
Copy link
Contributor Author

refer to #5450

@qiuming-best qiuming-best added this to the v1.9.3 milestone Oct 24, 2022
@weshayutin @qiuming-best
Fix CVE-2022-27191
36ac656 
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
update to:
  * golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
add:
  * golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2

Signed-off-by: Wesley Hayutin <[email protected]>
@sseago sseago merged commit f54db0e into vmware-tanzu:release-1.9 Oct 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Lyndon-Li Lyndon-Li Lyndon-Li approved these changes

@sseago sseago sseago approved these changes

@ywk253100 ywk253100 Awaiting requested review from ywk253100

@reasonerjt reasonerjt Awaiting requested review from reasonerjt

@blackpiglet blackpiglet Awaiting requested review from blackpiglet

Assignees

@qiuming-best qiuming-best

Labels
Dependencies Pull requests that update a dependency file kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes
Projects
None yet
Milestone
v1.9.3
Development

Successfully merging this pull request may close these issues.
4 participants
@qiuming-best @sseago @Lyndon-Li @weshayutin