We found the patch versions not appeared in Golang Index. #46071
Silence-worker-02
started this conversation in
Ideas
Replies: 1 comment
-
Istio is not consumed as a library. We distribute binaries. There is no need for it to be in the index, and if someone wants it they can always |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, we are a research team working on Golang. During our investigation, we discovered that the following CVEs - CVE-2022-39278 234, CVE-2021-31921 234, CVE-2021-31920 234, CVE-2021-39155 234, CVE-2021-39156 234, CVE-2022-21679 234, CVE-2020-16844 234, CVE-2022-31045 234, CVE-2022-23635 233, CVE-2022-39388, CVE-2022-24726, CVE-2021-34824, CVE-2019-25014, CVE-2019-12243 were addressed and the patch versions were released. However, we noticed that these patch versions have not appeared in the Golang Index, which means that 'go list' cannot automatically push the patch versions to downstream users.
We recommend that after releasing the versions, you push them to the Golang Index using the command 'go get github.com/istio/istio@version'. This will enable the automatic distribution of the patch versions to downstream users. Thank you for your attention.
Beta Was this translation helpful? Give feedback.
All reactions