[Release] Announce known vulnerabilities in each release #1273
Comments
Hi @jimpete, the hapi-related security vulnerabilities were addressed with #1146. That is a breaking change, so we have to wait for
@tmarkley When you release 1.3.0 and 1.4.0 can you include the list of known security vulnerabilities in your announcement?
@benwynn that is a great question. I don't think we have anything like that in place but we can discuss the options here.
A quick note, these are the CVEs that we're aware of and will not be fixed until v2.0.0: https://github.com/opensearch-project/OpenSearch-Dashboards/issues?q=is%3Aissue+label%3Acve+label%3Av2.0.0+
This is fantastic and may give me enough information to temporarily release 1.2.3 into production with a promise to have these closed. |
I need the hapi version called out in the latest package.json to pass sysdig scanning. Looks like 1.2.0 was 6 months ago. What is your cadence? Can you build a new version with the current security patches? I need this fix: hapijs/hapi@85d7801 which is already called out in the package.json