Require a new Release to resolve vulnerabilities

[drushtant17]

Hi Team, below are the CVE's vulnerable for postgres_exporter image.

1. CVE-2023-48795 : Vulnerable library - golang.org/x/crypto with a version v0.14.0
2. CVE-2024-24786 : Vulnerable library - google.golang.org/protobuf with a version v1.31.0
3. CVE-2023-45288 : Vulnerable library - golang.org/x/net with a version v0.17.0

We can see upgraded versions for these libraries in master branch, so we require a release. The last version was released on 6 November 2023. Since then there are no updates. Can someone please take a look at it. Please consider a JIRA from our end - https://jira.cloudera.com/browse/DSE-36793

[JohnFrampton]

Please also update to a golang version without CVE https://nvd.nist.gov/vuln/detail/CVE-2024-24790 or https://github.com/golang/go/issues/67680

[JohnFrampton]

I would also very much appreciate a bugfix update :-)

[drushtant17]

Can someone please take look on this issue and provide the updates. We would like to know the release date of next version

[zagr0]

Hi, any news here? Would be really great to have patch release with vulnerability fixes.

[n-rodriguez]

Hi there! Any news?

[jonasbadstuebner]

Bumping, we need this too please and don't want to build it our own.

[l00ptr]

any news about this issue ?

[sysadmind]

#1088 will prepare a new release. Looks like the libraries have been updated in go.mod beyond what was originally reported here so I believe the new release will include the fixes.

[sysadmind]

v0.16.0 has been released

[n-rodriguez]

@sysadmind what about the other PRs that have been waiting for months?