docs: update CVEs fixed on 3.0.2 and 2.1.3 #26308
| #### Version 3.0.2, 2.1.3 | ||
|
|
||
| | CVE | Title | Affected | | ||
| |:---------------|:------------------------------------------------------------|---------------------------:| |
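Review bot: the combined heading `#### Version 3.0.2, 2.1.3` at the top of this hunk puts two release lines over one table whose only version column is `Affected`, so a reader cannot tell from the heading alone which releases on each line still carry the issues. Consider one heading per release, or have every `Affected` cell state the range for both the 2.1.x and the 3.0.x line.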
@dpgaspar We can assume that all fixes in 2.1.3 are present in 3.0.2. I suggest moving these to the 2.1.3 block and keeping the incremental version order.
could give the wrong impression that these fixes are included on 3.0.0 and 3.0.1
You're right! Should we copy/duplicate them and keep the version order? It looks weird that 2.1.3 is defined twice.
michael-s-molina left a comment
LGTM. Left a non-blocking comment.
| | CVE | Title | Affected | | ||
| |:---------------|:------------------------------------------------------------------------|---------:| | ||
| | CVE-2023-42504 | Lack of rate limiting allows for possible denial of service | < 2.1.3 | | ||
|
|
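Review bot: the `Affected` cell on the CVE-2023-42504 row gives only `< 2.1.3`, which read literally excludes every 3.0.x release. If 3.0.0 and 3.0.1 are also affected, state that range in the same cell so the row does not depend on the section heading for its meaning.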
You can also add these if needed, if you're including dependency package bumps:
CVE-2023-30608
CVE-2023-30861
I am not; we should track and patch these in an automated fashion.
eschutho left a comment
LGTM. Left a comment, but not a blocker.
SUMMARY
Update CVEs fixed on 3.0.2 and 2.1.3 in our documentation