Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go version to fix CVE-2021-38297 (and probably others) #956

Open
maikihde-adh opened this issue Oct 29, 2021 · 2 comments
Open

Update go version to fix CVE-2021-38297 (and probably others) #956

maikihde-adh opened this issue Oct 29, 2021 · 2 comments

Comments

@maikihde-adh
Copy link

As referenced in golang/go#48797 there exists an security issue in older go versions that should be fixed by using a more recent go version.

There is also another PR open to move to the latest go 1.17 #920

Please update go version to a recent one.
@sodul
Copy link

sodul commented Feb 18, 2022
edited
Loading

I'm afraid the project is abandoned as there has been no commits since April 2021 and issues and PRs seem to pile up. We are looking at alternatives to sops, especially ones that support aws sso.

In the meantime I did find that you can easily install the latest release with the latest version of go (1.17):

go install go.mozilla.org/sops/v3/cmd/sops@v3.7.1

This should address some of the CVE concerns.

@onedr0p
Copy link
Contributor

onedr0p commented Feb 18, 2022

@sodul while there hasn't been much actively this is not abandoned, see #927

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@onedr0p @sodul @maikihde-adh