Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update go version due to security vuln (CVE-2024-24790) #178

Closed
eknowles opened this issue Aug 14, 2024 · 2 comments
Closed

update go version due to security vuln (CVE-2024-24790) #178

eknowles opened this issue Aug 14, 2024 · 2 comments

Comments

@eknowles
Copy link

Version 1.21.5

Fix versions 1.21.11, 1.22.4

There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.

They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms.

References
CVE-2024-24790
@eknowles eknowles changed the title update go version due to security vuln update go version due to security vuln (CVE-2024-24790) Aug 14, 2024
bdon added a commit that referenced this issue Aug 15, 2024
@bdon
Bump go version to 1.21.13 [#178]
862b847
@bdon
Copy link
Member

bdon commented Aug 15, 2024

Thanks for finding this, PR in #179

bdon added a commit that referenced this issue Aug 15, 2024
@bdon
Bump go version to 1.21.13 [#178] (#179)
f9ff34e
@bdon
Copy link
Member

bdon commented Sep 9, 2024

Released in https://github.com/protomaps/go-pmtiles/releases/tag/v1.21.0

@bdon bdon closed this as completed Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bdon @eknowles