Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update github.com/tidwall/gjson from v1.10.2 to v1.14.1 #11252

Closed
victor-polyansky opened this issue Jun 3, 2022 · 2 comments · Fixed by #11264
Closed

Update github.com/tidwall/gjson from v1.10.2 to v1.14.1 #11252

victor-polyansky opened this issue Jun 3, 2022 · 2 comments · Fixed by #11264
Assignees
@srebhan
Labels
security raise security concerns or improve the security of Telegraf waiting for response waiting for response from contributor

Comments

@victor-polyansky
Copy link

Blackduck security scan complains about current version of github.com/tidwall/gjson with the following CVEs:
CVE-2021-42836
CVE-2020-36066
CVE-2020-36067
CVE-2020-35380

Please update to the latest version v1.14.1
@victor-polyansky victor-polyansky added the support Telegraf questions, may be directed to community site or slack label Jun 3, 2022
@telegraf-tiger
Copy link
Contributor

telegraf-tiger bot commented Jun 3, 2022

Hello! I recommend posting this question in our Community Slack or Community Page, we have a lot of talented community members there who could help answer your question more quickly. You can also learn more about Telegraf by enrolling at InfluxDB University for free!

Heads up, this issue will be automatically closed after 7 days of inactivity. Thank you!

@srebhan srebhan added security raise security concerns or improve the security of Telegraf and removed support Telegraf questions, may be directed to community site or slack labels Jun 3, 2022
@srebhan srebhan self-assigned this Jun 3, 2022
@powersj
Copy link
Contributor

powersj commented Jun 3, 2022

Hi,

Were you scanning the latest version of Telegraf? Or an earlier version?

None of these CVEs apply to the version that is in Telegraf:

GHSA-ppj4-34rq-v8j9 affects < 1.9.3
GHSA-wjm3-fq3r-5x46 affects < 1.6.5
GHSA-w942-gw6m-p62c affects < 1.6.4
CVE-2020-36067 affets < 1.6.5

Telegraf, as you have noted, uses v1.10.2.

@powersj powersj added the waiting for response waiting for response from contributor label Jun 3, 2022
@srebhan srebhan mentioned this issue Jun 7, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srebhan srebhan

Labels
security raise security concerns or improve the security of Telegraf waiting for response waiting for response from contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: bump github.com/tidwall/gjson from 1.10.2 to 1.14.1 srebhan/telegraf
3 participants
@victor-polyansky @powersj @srebhan