Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security issue of gin (dependencie) #1756

Closed
6543 opened this issue May 14, 2023 · 5 comments · Fixed by #1797
Closed

security issue of gin (dependencie) #1756

6543 opened this issue May 14, 2023 · 5 comments · Fixed by #1797
Labels
dependencies governance

Comments

@6543
Copy link
Member

6543 commented May 14, 2023
edited
Loading

gin-gonic/gin#3555

we dont use the function FileAttachment and so we are not affected
@6543
Copy link
Member Author

6543 commented May 14, 2023

quote: @qwerty287 :

There's an issue for this open for 1.5 months already and it's not closed yet...

@6543
Copy link
Member Author

6543 commented May 14, 2023

There's an issue for this open for 1.5 months already and it's not closed yet...

I would say if it is not fixed in another 2 weeks, we can just migrate to https://go-chi.io/

@6543
Copy link
Member Author

6543 commented May 14, 2023

note there is already an open pull: gin-gonic/gin#3556

@6543
Copy link
Member Author

6543 commented May 14, 2023

we dont use the function FileAttachment and so we are not affected

@6543 6543 added governance and removed security labels May 14, 2023
@6543
Copy link
Member Author

6543 commented May 14, 2023

I still think it looks bad if the maintainers can not be contacted on an sec issue and if it's open for so long ...

... though I dont want to blame them as i have no insight whats going on on there side

@6543 6543 changed the title fix sec issue of gin dep security issue of gin (dependencie) May 14, 2023
@qwerty287 qwerty287 mentioned this issue Jun 1, 2023
Merged
qwerty287 added a commit that referenced this issue Jun 1, 2023
@qwerty287
Update Gin (#1797)
dc3f7d6 
Fixes the security issue (we aren't affected)

Closes #1756
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies governance
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Gin qwerty287/woodpecker
2 participants
@6543 @qwerty287