Project

General

Profile

Actions
Copy link

Bug #58828

closed

examples/rgw/golang: dependabot complaining about golang.org/x/net/http2 vulnerability

Added by Casey Bodley about 1 year ago. Updated about 1 year ago.

Status:
Won't Fix
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
examples
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

same warning about each golang example:

https://github.com/ceph/ceph/security/dependabot/80
https://github.com/ceph/ceph/security/dependabot/81
https://github.com/ceph/ceph/security/dependabot/82

Actions
Copy link
 #1

Updated by Casey Bodley about 1 year ago

  • Status changed from New to Won't Fix

i ended up dismissing those alerts. it was a http/2 denial-of-service vulnerability, but the examples are only using the http/1.1 client

Actions
Copy link

Also available in: Atom PDF