Re: [prometheus-developers] pushgateway new release to address jquery css vuln. when?

2020-10-01 Thread Bjoern Rabenstein
On 23.09.20 10:48, Don450 wrote:
> My question is, when will the next release of pushgateway be?
> https://coderelease.io/github/repository/prometheus/pushgateway  
> 
> The need is to address security concern jquery < 3.5.0 (pushgateway v1.2.0
> release has jquery-3.4.1) CSS vuln.
> 
> This change has already been merged into master (updated to jquery-3.5.1)
> https://github.com/prometheus/pushgateway/commit/3056a39317756d7225dbb1c88765e83091915211

AFAIK, the Pushgateway doesn't use any of the vulnerable
functionality, so I wanted to batch up the next release with other
changes. Those never really materialized, and now it's 6 months since
the last release. I'll just cut a release today.

Thanks for the reminder.
-- 
Björn Rabenstein
[PGP-ID] 0x851C3DA17D748D03
[email] bjo...@rabenste.in

-- 
You received this message because you are subscribed to the Google Groups 
"Prometheus Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prometheus-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/prometheus-developers/20201001104450.GC29792%40jahnn.


[prometheus-developers] pushgateway new release to address jquery css vuln. when?

2020-09-23 Thread Don450
My question is, when will the next release of pushgateway be?
https://coderelease.io/github/repository/prometheus/pushgateway  

The need is to address security concern jquery < 3.5.0 (pushgateway v1.2.0 
release has jquery-3.4.1) CSS vuln.

*This change has already been merged into master (updated to jquery-3.5.1)*
https://github.com/prometheus/pushgateway/commit/3056a39317756d7225dbb1c88765e83091915211
 


Details of security concern:

https://www.tenable.com/plugins/nessus/136929 

  According to the self-reported version in the script, the version of 
JQuery hosted on the remote web server is greater than or equal to 1.2 and 
prior to 3.5.0. It is, therefore, affected by multiple cross site scripting 
vulnerabilities.  

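The version range quoted from the scanner text above can be checked against the static assets of a build before release. The following is an added example, not part of the thread or of Pushgateway's code; the file names and banner strings are constructed samples, and the check reports only which jQuery version is shipped, not whether the application uses the affected functionality.

```python
import re

# Range taken from the scanner text quoted in the thread: >= 1.2 and prior to 3.5.0.
AFFECTED_MIN = (1, 2, 0)
FIXED_IN = (3, 5, 0)

# Banner comment of minified ("/*! jQuery v3.4.1 | ...") and unminified
# ("jQuery JavaScript Library v3.4.1") builds, and the conventional file name.
BANNER_RE = re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})")
NAME_RE = re.compile(r"jquery[-.](\d+(?:\.\d+){1,2})", re.IGNORECASE)


def _version(pattern, text):
    """Return the first version matched by pattern as a 3-tuple, or None."""
    m = pattern.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_asset(filename, head):
    """Classify one static asset from its name and the start of its content.

    Returns (version, status, name_mismatch). The banner wins over the file
    name, because a renamed file still carries the old code.
    """
    from_banner = _version(BANNER_RE, head)
    from_name = _version(NAME_RE, filename)
    version = from_banner or from_name
    if version is None:
        return None, "unknown", False
    mismatch = bool(from_banner and from_name and from_banner != from_name)
    status = "affected" if AFFECTED_MIN <= version < FIXED_IN else "ok"
    return version, status, mismatch


# Constructed sample assets (file name -> start of file); not from any real build.
SAMPLES = {
    "static/jquery-3.4.1.min.js": "/*! jQuery v3.4.1 | (c) JS Foundation */",
    "static/jquery-3.5.1.min.js": "/*! jQuery v3.5.1 | (c) JS Foundation */",
    "static/vendor.js": "/*!\n * jQuery JavaScript Library v1.12.4\n */",
    "static/jquery-3.5.1.js": "/*! jQuery v3.4.1 | (c) JS Foundation */",  # renamed old file
    "static/app.js": "console.log('no jquery here');",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, audit_asset(name, head))
```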