[paho-dev] Vulnerability found on v1.5.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[paho-dev] Vulnerability found on v1.5.0

From: Sudarshan Reddy <moramsudarshan@xxxxxxxxx>
Date: Thu, 16 Jan 2025 02:18:57 +0530
Delivered-to: paho-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/paho-dev/>
List-help: <mailto:paho-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/paho-dev>, <mailto:paho-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/paho-dev>, <mailto:paho-dev-request@eclipse.org?subject=unsubscribe>

Hi Team,

I have found an Vulnerability found in v1.5.0 release .
repo: eclipse-paho/paho.mqtt.golang
version: v1.5.0
released: July 2024

Vulnerability:
NAME : golang.org/x/net
INSTALLED: v.0.27.0
FIXED_IN : 0.33.0
type : go module
vulnerability:GHSA-w32m-9786-jp63
severity: High

The above vulnerability already fixed in the v0.33.0. So can you please update the golang.org/x/net to 0.33.0 in go.mod file and Can you release new version.

And I can raise PR with fixed version if you want me to do it so that you can approve and merge the PR for next release to fix the vulnerability.

Can you please reply with the next release date?

Thank you to paho team.

Thanks,

Sudharsan

Follow-Ups:
- Re: [paho-dev] Vulnerability found on v1.5.0
  - From: Matt Brittan

Prev by Date: [paho-dev] unknown psk identity
Next by Date: Re: [paho-dev] Vulnerability found on v1.5.0
Previous by thread: [paho-dev] unknown psk identity
Next by thread: Re: [paho-dev] Vulnerability found on v1.5.0
Index(es):
- Date
- Thread

Breadcrumbs