Upgrade out of CVEs

bbemis · June 3, 2024, 6:07pm

Hi,

I’m using a trivy image scan to detect vulnerabilities on my project and noticed that the there are a few vulnerabilities being detected inside the temporal python sdk. Actually, they appear to be nested fairly deep in the rust libraries.

CVE-2024-27308
CVE-2024-32650
GHSA-q6cp-qfwq-4gcv

Is it possible to upgrade out of these in the next sdk release?

Chad_Retz · June 3, 2024, 6:12pm

Yes, see [Feature Request] Update rustls and mio in Rust dependencies · Issue #520 · temporalio/sdk-python · GitHub. We will look to do this before next release.

Topic		Replies	Views
Upgrade go stdlib to resolve CVEs Server Deployment	2	77	October 16, 2024
Latest versions of server and UI have security issues Community Support	1	408	November 8, 2022
Receiving security vulnerability in JAVA SDK 1.23.1 Community Support java-sdk	1	15	October 13, 2024
Security vulnerability in temporal image Server Deployment security	3	616	October 18, 2022
Vulnerability detected by Snyk in Go SDK Community Support go-sdk	0	569	October 12, 2023

Upgrade out of CVEs

Related topics