terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

kin-openapi version bump

Open BrandenCobb opened this issue 6 months ago • 1 comments

Question

Any idea when this PR is going to be looked at and merged? It fixes a high cve

BrandenCobb avatar Jun 03 '25 18:06 BrandenCobb

We're looking into it, but it's not trivial. That package has made significant breaking changes without bumping major version numbers. The actual effort needed to ingest those is quite significant, but we have on our to-do list.

alexsomesan avatar Jun 03 '25 19:06 alexsomesan

I would be particularly interested this one as it's blocking usage in certain restricted environments

geerew avatar Jul 25 '25 13:07 geerew

@alexsomesan any updates on this? The CVE is a blocker for many enterprises trying to adopt this provider; due to it being flagged by various internal scanning tools.

alexng-canuck avatar Oct 31 '25 18:10 alexng-canuck

@alexsomesan @BrandenCobb We are also tracking this CVE fix and this is blocking critical patching activity for this patching cycle.

sjindal94 avatar Oct 31 '25 18:10 sjindal94