-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release v0.102.1 to address security risks #33496
Labels
needs triage
New item requiring triage
Comments
This was referenced Jun 19, 2024
v0.103.0 was released with the fix. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component(s)
No response
confighttp and configgrpc OTLP receivers
Describe the issue you're reporting
I’ve noticed that the collector installation docs have instructions to install collector-contrib v0.102.1 (https://github.com/open-telemetry/opentelemetry-collector-contrib/releases). And of course that’s good advice: that’s the most recent version and addressed the security issue described in https://opentelemetry.io/blog/2024/cve-2024-36129/
However, the opentelemetry-collector-contrib repo’s most recent release is v102.0, see:
It seems weird that the contrib repo and the installation docs don’t match up and that the contrib repo doesn’t have a v0.102.1 release to match the docker v0.102.1 release and core collector v0.102.1 release. Because the contrib collector is used so widely, a v102.1 release would help document the security fixes and make it easy to install a contrib collector at the latest version.
The text was updated successfully, but these errors were encountered: