Update github.com/tidwall/gjson from v1.10.2 to v1.14.1 #11252

Closed
victor-polyansky opened this issue Jun 3, 2022 · 2 comments · Fixed by #11264
Assignees
Labels
security raise security concerns or improve the security of Telegraf waiting for response waiting for response from contributor

Comments

@victor-polyansky

Blackduck security scan complains about the current version of github.com/tidwall/gjson with the following CVEs:
CVE-2021-42836
CVE-2020-36066
CVE-2020-36067
CVE-2020-35380

Please update to the latest version v1.14.1

@victor-polyansky victor-polyansky added the support Telegraf questions, may be directed to community site or slack label Jun 3, 2022
@telegraf-tiger
Contributor

telegraf-tiger bot commented Jun 3, 2022

Hello! I recommend posting this question in our Community Slack or Community Page, we have a lot of talented community members there who could help answer your question more quickly. You can also learn more about Telegraf by enrolling at InfluxDB University for free!

Heads up, this issue will be automatically closed after 7 days of inactivity. Thank you!

@srebhan srebhan added security raise security concerns or improve the security of Telegraf and removed support Telegraf questions, may be directed to community site or slack labels Jun 3, 2022
@srebhan srebhan self-assigned this Jun 3, 2022
@powersj
Contributor

powersj commented Jun 3, 2022

Hi,

Were you scanning the latest version of Telegraf? Or an earlier version?

None of these CVEs apply to the version that is in Telegraf:

GHSA-ppj4-34rq-v8j9 affects < 1.9.3
GHSA-wjm3-fq3r-5x46 affects < 1.6.5
GHSA-w942-gw6m-p62c affects < 1.6.4
CVE-2020-36067 affects < 1.6.5

Telegraf, as you have noted, uses v1.10.2.
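
The triage in the comment above can be done mechanically. The following is an added example, not part of the thread or of Telegraf's code: it reads the gjson version from a go.mod file and tests it against the affected ranges quoted above. `sampleGoMod` is a constructed fragment, and the helper names `moduleVersion`, `key` and `applicable` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Upper bounds as quoted in the thread: each advisory affects versions below `below`.
var advisories = []struct{ id, below string }{
	{"GHSA-ppj4-34rq-v8j9", "1.9.3"}, {"GHSA-wjm3-fq3r-5x46", "1.6.5"},
	{"GHSA-w942-gw6m-p62c", "1.6.4"}, {"CVE-2020-36067", "1.6.5"},
}

// Constructed go.mod fragment for illustration, not Telegraf's actual file.
const sampleGoMod = "module example.com/agent\n\nrequire (\n\tgithub.com/tidwall/gjson v1.10.2\n)\n"

// moduleVersion returns the version that go.mod text requires for mod, if any.
func moduleVersion(gomod, mod string) (string, bool) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == mod {
			return f[1], true
		}
	}
	return "", false
}

// key maps x.y.z to one integer so parts compare numerically (as strings,
// "1.10.2" sorts below "1.9.3"). Assumes each part is below 1000.
func key(v string) (int, error) {
	var a, b, c int
	_, err := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d.%d", &a, &b, &c)
	return (a*1000+b)*1000 + c, err
}

// applicable lists the advisories whose affected range contains version.
func applicable(version string) ([]string, error) {
	v, err := key(version)
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, adv := range advisories {
		if bound, _ := key(adv.below); v < bound {
			hits = append(hits, adv.id)
		}
	}
	return hits, nil
}
func main() {
	v, _ := moduleVersion(sampleGoMod, "github.com/tidwall/gjson")
	fmt.Println(applicable(v))
}
```

An empty result for the version actually pinned in go.mod means the scanner finding does not apply to that build, which is the conclusion reached in the comment above.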

3 participants