sops icon indicating copy to clipboard operation
sops copied to clipboard
verified publisher icon getsops

Update go version to fix CVE-2021-38297 (and probably others)

Open maikihde-adh opened this issue 4 years ago • 2 comments

As referenced in https://github.com/golang/go/issues/48797 there exists an security issue in older go versions that should be fixed by using a more recent go version.

There is also another PR open to move to the latest go 1.17 https://github.com/mozilla/sops/pull/920

Please update go version to a recent one.

maikihde-adh avatar Oct 29 '21 07:10 maikihde-adh

I'm afraid the project is abandoned as there has been no commits since April 2021 and issues and PRs seem to pile up. We are looking at alternatives to sops, especially ones that support aws sso.

In the meantime I did find that you can easily install the latest release with the latest version of go (1.17):

go install go.mozilla.org/sops/v3/cmd/[email protected]

This should address some of the CVE concerns.

sodul avatar Feb 18 '22 08:02 sodul

@sodul while there hasn't been much actively this is not abandoned, see https://github.com/mozilla/sops/discussions/927

onedr0p avatar Feb 18 '22 09:02 onedr0p