oliver006/redis_exporter

Upgrade Golang version to 1.22.2 due to CVE-2023-45288

ewoelfel opened this issue · 1 comments

Describe the problem
The redis-exporter in version 1.60.0 uses Go version 1.20.0. This seems to cause a CVE.

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames.

What version of redis_exporter are you running?
1.60.0

It would be great to increase the Go version to 1.22.2, where this problem seems to be fixed.

Thank you

INFO[0000] Redis Metrics Exporter v1.60.0    build date: 2024-05-31-06:17:53    sha1: de84178ae0d629f347ede1615195740e10fd42b5    Go: go1.22.3    GOOS: darwin    GOARCH: amd64
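
A way to check a deployed exporter against the version requested in this issue, as an added example that is not part of the thread or of the redis_exporter code base: it parses the `Go:` field of the startup banner quoted above and compares it with 1.22.2. The names `goField`, `pageBanner`, `parseGo` and `atLeast` are hypothetical helpers introduced for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// goField matches the "Go: goX.Y[.Z]" field of the exporter's startup banner.
var goField = regexp.MustCompile(`Go:\s+go(\d+)\.(\d+)(?:\.(\d+))?`)

// pageBanner is the startup line quoted in the comment on this issue.
const pageBanner = "INFO[0000] Redis Metrics Exporter v1.60.0    build date: 2024-05-31-06:17:53    sha1: de84178ae0d629f347ede1615195740e10fd42b5    Go: go1.22.3    GOOS: darwin    GOARCH: amd64"

// parseGo extracts the Go toolchain version from a banner line
// as [major, minor, patch].
func parseGo(banner string) ([3]int, error) {
	var v [3]int
	m := goField.FindStringSubmatch(banner)
	if m == nil {
		return v, fmt.Errorf("no Go version field in banner")
	}
	for i := range v {
		// Groups are digits or empty; an absent patch ("go1.22") counts as 0.
		v[i], _ = strconv.Atoi(m[i+1])
	}
	return v, nil
}

// atLeast reports whether the banner's Go version is >= want.
func atLeast(banner string, want [3]int) (bool, error) {
	v, err := parseGo(banner)
	if err != nil {
		return false, err
	}
	for i := range v {
		if v[i] != want[i] {
			return v[i] > want[i], nil
		}
	}
	return true, nil
}

func main() {
	// 1.22.2 is the version this issue asks for.
	ok, err := atLeast(pageBanner, [3]int{1, 22, 2})
	fmt.Println(ok, err)
}
```

A banner that lacks the `Go:` field returns an error rather than a verdict, so an unparseable line is never reported as patched.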