Azure/kubelogin

Update golang.org/x/net to fix CVE-2023-45288

Closed this issue · 2 comments

waqasabdul commented

The golang.org/x/net (v0.21.0) shipped in latest release v0.1.2 https://github.com/Azure/kubelogin/releases/tag/v0.1.2 has a vulnerability CVE-2023-45288.

It can be resolved by updating golang.org/x/net to 0.23.0

bcho commented

hi thanks for reporting, I just merged #451 for mitigating this CVE. Will prepare a new release on next Monday. cc @weinong

  • 👍1
bcho commented

We just published the https://github.com/Azure/kubelogin/releases/tag/v0.1.3 with the fix of x/net, PTAL

  • 🎉1