github.com/hashicorp/go-retryablehttp update needed for CVE-2024-6104 #5944

joelsmith · 2024-07-03T16:50:04Z

A library used by the KEDA operator should be updated to remove any doubt about whether its security defect could affect KEDA.
https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027

Update github.com/hashicorp/go-retryablehttp to v0.7.7

$ git grep go-retryablehttp go.mod
go.mod:   github.com/hashicorp/go-retryablehttp v0.7.5 // indirect

$ git grep go-retryablehttp go.mod
go.mod: github.com/hashicorp/go-retryablehttp v0.7.7 // indirect

git grep go-retryablehttp go.mod

No response

2.14.0

1.29

Red Hat OpenShift

No response

The library in question appears to only be used by the New Relic scaler.

The text was updated successfully, but these errors were encountered:

joelsmith added the bug Something isn't working label Jul 3, 2024

joelsmith mentioned this issue Jul 3, 2024

Update github.com/hashicorp/go-retryablehttp for CVE-2024-6104 #5945

Merged

3 tasks

tomkerkhove closed this as completed in #5945 Jul 8, 2024

Provide feedback