Upgraded go version for 2.7.x

Hi all, I'm currently running ECK 2.7.0 but noticed a critical injection cve, CVE-2023-24538, that's brought in from the version of golang ECK runs with. I see since then, the go version has been updated (Update docker.io/library/golang Docker tag to v1.20.4 by renovate[bot] · Pull Request #6752 · elastic/cloud-on-k8s · GitHub).

Would it be possible to release 2.7.x with the upgraded go version to avoid this vulnerability? Alternatively, when is 2.8.0 scheduled to be released?


Please see Security issues | Elastic for the best way to get a response for possible security issues like this :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.