From 707180f04b084c04426bb3bff34eae63e743174b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <101908552+octo-sts@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:37:58 +0000 Subject: [PATCH 1/2] Adding Fixed Advisory GHSA-8pgv-569h-w5rw for temporal-sql-tool --- temporal-server.advisories.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/temporal-server.advisories.yaml b/temporal-server.advisories.yaml index cec1c1084..3c7fa00bb 100644 --- a/temporal-server.advisories.yaml +++ b/temporal-server.advisories.yaml @@ -112,3 +112,10 @@ advisories: type: fixed data: fixed-version: 1.22.6-r2 + + - id: GHSA-8pgv-569h-w5rw + events: + - timestamp: 2024-03-22T18:37:56Z + type: fixed + data: + fixed-version: 1.23.0-r0 From f9ae9a4387080b250d6cf0117c921c1e63f9f11c Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sat, 23 Mar 2024 12:04:26 +0100 Subject: [PATCH 2/2] Update temporal-server.advisories.yaml Signed-off-by: Carlos Tadeu Panato Junior --- temporal-server.advisories.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/temporal-server.advisories.yaml b/temporal-server.advisories.yaml index 77b7ff37c..b26cccfcd 100644 --- a/temporal-server.advisories.yaml +++ b/temporal-server.advisories.yaml @@ -55,6 +55,10 @@ advisories: data: note: | We faced issues with "otlpmetricgrpc@v0.44.0/internal/transform/metricdata.go:108:18:undefined: metricdata.ExponentialHistogram" when upgrading otlpmetricgrpc to v0.46.0. It has some strict dependencies in the source code common/telemetry using an old version and thus this fix will require some code changes in upstream. + - timestamp: 2024-03-22T18:37:56Z + type: fixed + data: + fixed-version: 1.23.0-r0 - id: CVE-2023-48795 aliases: @@ -113,13 +117,6 @@ advisories: data: fixed-version: 1.22.6-r2 - - id: GHSA-8pgv-569h-w5rw - events: - - timestamp: 2024-03-22T18:37:56Z - type: fixed - data: - fixed-version: 1.23.0-r0 - - id: CVE-2024-27304 aliases: - GHSA-mrww-27vc-gghv
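Review bot: In patch 2/2 the `fixed` event (`fixed-version: 1.23.0-r0`) is appended to an advisory whose `id` and `aliases` sit above the first hunk, so nothing visible confirms that GHSA-8pgv-569h-w5rw, the id the bot used in patch 1/2, is an alias of that entry. Because the second hunk deletes the standalone GHSA entry, a missing alias would leave that GHSA with no fixed record, and a `fixed` event on the wrong advisory would hide a finding that is still open in scanner output. Please confirm the target entry lists `- GHSA-8pgv-569h-w5rw` under `aliases:`, or add it in this commit. The preceding event's note says the otlpmetricgrpc bump needed upstream code changes, and the bot's subject names only temporal-sql-tool, so it is also worth checking that every binary shipped in 1.23.0-r0 carries the fixed module before the advisory is closed for the whole package.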