Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release v0.102.1 to address security risks #33496

Closed
gdfast opened this issue Jun 11, 2024 · 1 comment
Closed

Release v0.102.1 to address security risks #33496

gdfast opened this issue Jun 11, 2024 · 1 comment
Labels
needs triage New item requiring triage

Comments

@gdfast
Copy link

gdfast commented Jun 11, 2024

Component(s)

No response

confighttp and configgrpc OTLP receivers

Describe the issue you're reporting

I’ve noticed that the collector installation docs have instructions to install collector-contrib v0.102.1 (https://github.com/open-telemetry/opentelemetry-collector-contrib/releases). And of course that’s good advice: that’s the most recent version and addressed the security issue described in https://opentelemetry.io/blog/2024/cve-2024-36129/

However, the opentelemetry-collector-contrib repo’s most recent release is v102.0, see:

It seems weird that the contrib repo and the installation docs don’t match up and that the contrib repo doesn’t have a v0.102.1 release to match the docker v0.102.1 release and core collector v0.102.1 release. Because the contrib collector is used so widely, a v102.1 release would help document the security fixes and make it easy to install a contrib collector at the latest version.

@crobert-1
Copy link
Member

v0.103.0 was released with the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs triage New item requiring triage
Projects
None yet
Development

No branches or pull requests

2 participants