Hi,
Recently few critical vulnerabilities are reported in go version 1.19.7 with below CVEs.
https://nvd.nist.gov/vuln/detail/CVE-2023-24536
https://nvd.nist.gov/vuln/detail/CVE-2023-24537
https://nvd.nist.gov/vuln/detail/CVE-2023-24538
Seems these vulnerabilities are addressed with go version 1.19.8. Could someone help in updating go-version used in beats to 1.19.8?
Thanks.
Welcome to our community! 
Please see Security issues | Elastic for the best way to raise these issues with us, specifically;
Other security issues
Users and customers may report any other potential security issues to security@elastic.co. This address can be used for product security related inquiries or requests about other security topics that are not explicitly mentioned here. We can accept only security issues at this address. Bug reports should be directed to the bug database of the project you're reporting it on or raised to Elastic Support.
If you would like to encrypt your message to us, please use our PGP key. The fingerprint is
1224 D1A5 72A7 3755 B61A 377B 14D6 5EE0 D2AE 61D2
The key is available via keyservers; search for 'security@elastic.co'.
Thanks, reported the same to security@elastic.co.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.