Hi, Our assessment indicates that gRPC is not affected by this vulnerability; therefore, an immediate upgrade is not planned for this purpose.
Regards, Esun. On Sunday, April 13, 2025 at 11:42:06 PM UTC-7 Aleksander Sajber wrote: > Hi, > Is there any update on this matter? > > Regards, > Aleksander > > wtorek, 25 lutego 2025 o 15:55:49 UTC+1 Aleksander Sajber napisał(a): > >> Hello, >> gRPC is currently using a vulnerable version of c-ares (1.19.1), as noted >> in CVE-2024-25629 <https://nvd.nist.gov/vuln/detail/cve-2024-25629>. >> >> 1. Is gRPC affected by CVE-2024-25629? >> 2. Is there a plan to upgrade c-ares? >> Regards, >> Aleksander Sajber >> >> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/917ce349-6f71-4b2d-a2f3-e0de2cd18d37n%40googlegroups.com.
