Upgrade the swift-nio-extras to 1.14 or above due to CVE security report #461

Closed
nahung89 opened this issue Sep 22, 2023 · 1 comment

@nahung89

Hi OpenTelemetry folks, I hope you are doing great.

I'm experimenting with the library and noticed that the latest version, 1.7.0, contains the package dependency swift-nio-extras version 1.10.2. This dependency has a security issue, CVE-2022-3252 (link or link).

I don't hesitate to make a PR to upgrade the version, although I'm not quite sure how I can verify the impact. I see there are several test cases; perhaps that is the way? If so, how can I run those test cases to verify on my own?

I really appreciate your effort in making this open source, and I'm happy to contribute as well.

@hunguyenaxon
Contributor

hunguyenaxon commented Oct 9, 2023

Should be closed with the fix PR in #466

@bryce-b bryce-b closed this as completed Oct 26, 2023