pushgateway new release to address jquery css vuln. when?


Don450

Sep 23, 2020, 1:48:22 PM
to Prometheus Developers
My question is, when will the next release of pushgateway be?
https://coderelease.io/github/repository/prometheus/pushgateway

The need is to address security concern jquery < 3.5.0 (pushgateway v1.2.0 release has jquery-3.4.1) CSS vuln.

This change has already been merged into master (updated to jquery-3.5.1)
https://github.com/prometheus/pushgateway/commit/3056a39317756d7225dbb1c88765e83091915211 


Details of security concern:

https://www.tenable.com/plugins/nessus/136929 

  According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.  

Bjoern Rabenstein

Oct 1, 2020, 6:44:53 AM
to Don450, Prometheus Developers
On 23.09.20 10:48, Don450 wrote:
> My question is, when will the next release of pushgateway be?
> https://coderelease.io/github/repository/prometheus/pushgateway
>
> The need is to address security concern jquery < 3.5.0 (pushgateway v1.2.0
> release has jquery-3.4.1) CSS vuln.
>
> This change has already been merged into master (updated to jquery-3.5.1)
> https://github.com/prometheus/pushgateway/commit/3056a39317756d7225dbb1c88765e83091915211

AFAIK, the Pushgateway doesn't use any of the vulnerable
functionality, so I wanted to batch up the next release with other
changes. Those never really materialized, and now it's 6 months since
the last release. I'll just cut a release today.

Thanks for the reminder.
--
Björn Rabenstein
[PGP-ID] 0x851C3DA17D748D03
[email] bjo...@rabenste.in
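
The version-range check described in the Tenable text quoted in the first message, written out as an added example (not part of the thread, the plugin, or Pushgateway's code). The asset names and banner strings are constructed sample input; the range bounds are the ones stated in the quoted text.

```javascript
// Added example: flag bundled jQuery copies by self-reported version only.
// Range from the quoted finding: >= 1.2 and < 3.5.0.
const LOWER = [1, 2, 0];
const UPPER = [3, 5, 0];

// Read the version from a banner ("jQuery v3.4.1", "jQuery JavaScript
// Library v1.12.4") or a file name ("jquery-3.4.1.min.js").
// Pre-release suffixes are ignored; "jQuery UI" banners do not match.
function selfReportedVersion(text) {
  const re = /jquery(?:\s+javascript\s+library)?[\s-]+v?(\d+)\.(\d+)(?:\.(\d+))?/i;
  const m = re.exec(text);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inFlaggedRange(v) {
  return compare(v, LOWER) >= 0 && compare(v, UPPER) < 0;
}

// assets: [{ name, head }] where head is the first bytes of the file.
function audit(assets) {
  return assets.map(({ name, head }) => {
    const v = selfReportedVersion(head) || selfReportedVersion(name);
    return {
      name,
      version: v ? v.join('.') : null,
      flagged: v ? inFlaggedRange(v) : false,
    };
  });
}

// Constructed sample input (hypothetical paths and banners).
const SAMPLE_ASSETS = [
  { name: 'assets/jquery-3.4.1.min.js', head: '/*! jQuery v3.4.1 | (c) JS Foundation */' },
  { name: 'assets/jquery-3.5.1.min.js', head: '/*! jQuery v3.5.1 | (c) JS Foundation */' },
  { name: 'assets/vendor.js', head: '/*!\n * jQuery JavaScript Library v1.12.4\n */' },
  { name: 'assets/jquery-ui-1.12.1.js', head: '/*! jQuery UI - v1.12.1 */' },
];

console.log(audit(SAMPLE_ASSETS));
```

A hit from this kind of check reports only the bundled version; whether the application calls the affected jQuery functionality has to be reviewed separately.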