Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New nsc version inlcuding latest nkeys vuln patch #623

Closed
rubur-webbeds opened this issue Nov 6, 2023 · 2 comments
Closed

New nsc version inlcuding latest nkeys vuln patch #623

rubur-webbeds opened this issue Nov 6, 2023 · 2 comments
Labels
proposal Enhancement idea or proposal

Comments

@rubur-webbeds
Copy link

What motivated this proposal?

Our scanner detects the vulnerability CVE-2023-46129 in the package github.com/nats-io/nkeys. From this PR #622 we see the new version is there, but not released yet.

What is the proposed change?

Release a new nsc version including the patch.
Thank you

Who benefits from this change?

No response

What alternatives have you evaluated?

No response
@rubur-webbeds rubur-webbeds added the proposal Enhancement idea or proposal label Nov 6, 2023
@aricart
Copy link
Member

aricart commented Nov 6, 2023

working on that.

@aricart
Copy link
Member

aricart commented Nov 6, 2023

I just released 2.8.3 - noticed that the 2.8.2 release was staged but not published. v2.8.3 should be happy with the CVE scans!.

@aricart aricart closed this as completed Nov 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
proposal Enhancement idea or proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aricart @rubur-webbeds