Security Updates - Package Bumps

rgsurfs · March 10, 2024, 12:29pm

I have some open CVEs from recent scan of dgraph 23.1.0.
I am on the github page, but don’t see any way to submit a security issue…

Is there anybody actively updating dgraph dependencies??

CVE: CVE-2020-15114
PackageName: etcd

CVE: CVE-2023-39325
PackageName: http2

CVE: CVE-2023-44487
PackageName: grpc

Robert

rft · March 10, 2024, 1:06pm

Hi @rgsurfs, I responded to your email yesterday requesting additional information. Please direct all security concerns to security@dgraph.io. Thanks!

Topic		Replies	Views
Dgraph Release Candidate v23.0.0-rc1 is now available Announce dgraph , release	3	680	May 3, 2023
Dgraph v1.0.12-rc6 release candidate Announce	2	676	March 6, 2019
Dgraph v22.0.0 is now GA Announce dgraph , release	4	1544	January 10, 2023
Dgraph v20.07.1-rc1 (Savvy Shuri - rc1) Announce	4	635	August 19, 2020
Dgraph Release v22.0.2 is now Generally Available Announce dgraph	7	1528	April 4, 2023

Security Updates - Package Bumps

Related Topics