New nsc version inlcuding latest nkeys vuln patch

Question

New nsc version inlcuding latest nkeys vuln patch

Closed this issue 9 months ago · 2 comments

What motivated this proposal?

Our scanner detects the vulnerability CVE-2023-46129 in the package github.com/nats-io/nkeys. From this PR #622 we see the new version is there, but not released yet.

What is the proposed change?

Release a new nsc version including the patch.
Thank you

Who benefits from this change?

No response

What alternatives have you evaluated?

No response

Answer 1 · 2023-11-06T16:23:39.000Z

working on that.

Answer 2 · 2023-11-06T16:37:13.000Z

I just released 2.8.3 - noticed that the 2.8.2 release was staged but not published. v2.8.3 should be happy with the CVE scans!.