Upgrade go-retryablehttp to 0.7.7 to address Security vulnerability

Open Rizwana777 opened this issue 7 months ago • 2 comments

Summary

The outdated versions of go-retryablehttp are vulnerable to CVE-2024-6104, which has been categorised as Moderate.

Motivation

The issue affects the URL, which might write sensitive information to a log file.

Proposal

The recommended solution is to upgrade the version of go-retryablehttp to 0.7.7 for versions v1.6.0, master branches.

Rizwana777, Jul 04 '24 12:07
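
A check for the condition this issue describes, as an added example that is not part of the issue or the argo-rollouts code: it scans `go.mod` text for a go-retryablehttp requirement older than 0.7.7. The module path `github.com/hashicorp/go-retryablehttp`, the helper name `needsUpgrade` and the sample `go.mod` are assumptions made for the example; `replace` directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module path of go-retryablehttp (assumption: the issue gives only the short name).
const modPath = "github.com/hashicorp/go-retryablehttp"

var fixed = [3]int{0, 7, 7} // first fixed release, per the issue

// needsUpgrade (hypothetical helper) scans go.mod text for a require entry of
// modPath and reports the pinned version and whether it is older than 0.7.7.
// Pre-release and build suffixes after the patch number are ignored.
func needsUpgrade(goMod string) (version string, old bool, err error) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || f[0] != modPath {
			continue // other modules, replace directives, block delimiters
		}
		var got [3]int
		if _, err := fmt.Sscanf(f[1], "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
			return f[1], false, fmt.Errorf("unexpected version %q: %w", f[1], err)
		}
		for i := range got {
			if got[i] != fixed[i] {
				return f[1], got[i] < fixed[i], nil
			}
		}
		return f[1], false, nil
	}
	return "", false, sc.Err()
}

// Constructed go.mod fragment, not taken from the argo-rollouts repository.
const sampleGoMod = `module example.com/demo

require (
	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
)
`

func main() {
	v, old, err := needsUpgrade(sampleGoMod)
	fmt.Println(v, old, err)
}
```

An empty version string in the result means the module is not required directly in the scanned file.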