Hi folks!
Just wanted to reach out to get a rough ballpark estimate on the next release of quay/clair?
Noticed v4.7.4 has a vulnerability in gopkg.in/square/go-jose.v2-v2.6.0, which one of our tools has caught on CI. Due to various processes, we've raised a risk and given ourselves a timeline to resolve/mitigate.
Unfortunately, due to the module moving location, a simple replace on the module does not work, and I noticed the current go.mod contains a patched, non-vulnerable version.
I'm in no way putting the pressure on! Just thought I'd throw out an ask so we can handle our risk appropriately!
I look forward to hearing from you!
Thanks,
Kieran