Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release new version #1203

Closed
aclevername opened this issue Sep 3, 2021 · 2 comments
Closed

Release new version #1203

aclevername opened this issue Sep 3, 2021 · 2 comments

Comments

@aclevername
Copy link

aclevername commented Sep 3, 2021
edited
Loading

hello 👋

We (https://github.com/weaveworks/eksctl) use cfssl to create certificate signing requests, thanks for maintaining such an awesome library! We recently got a security warning from dependabot that cfssl v1.6.0 has a dependency on an insecure package github.com/dgrijalva/jwt-go:

$ go mod why github.com/dgrijalva/jwt-go
# github.com/dgrijalva/jwt-go
github.com/weaveworks/eksctl/pkg/addons
github.com/cloudflare/cfssl/csr
github.com/cloudflare/cfssl/helpers
github.com/google/certificate-transparency-go
go.etcd.io/etcd
go.etcd.io/etcd/etcdmain
go.etcd.io/etcd/etcdserver
go.etcd.io/etcd/auth
github.com/dgrijalva/jwt-go

We managed to resolve this issue by pointing at master eksctl-io/eksctl#4175, where this issue was fixed. It would be great if a new tag could be cut 😄

Thanks!
Jake
@nickysemenza
Copy link
Member

https://github.com/cloudflare/cfssl/releases/tag/v1.6.1 here you go!

@aclevername
Copy link
Author

Amazing! Thank you 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nickysemenza @aclevername