Actions
Architecture #23559
closed
Update curl to 8.4.0
Fix check:
Checked
Regression:
No
Description
We are not affected by the outstanding vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-38545), which only affects socks5 proxies. We don't use them nor allow control of the env variables in the context where curl runs.
Updated by Alexis Mousset about 1 year ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset about 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder-packages/pull/2823
Updated by Alexis Mousset about 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|390d5f6f2b2c79a94181a5b132b74b6a89f2fe0f.
Updated by Alexis Mousset about 1 year ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ about 1 year ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.3.8 and 8.0.1 which were released today.
Updated by Nicolas CHARLES about 1 year ago
- Related to Bug #23697: Rudder built-in curl fails to check dav password in 7.3.8 added
Updated by
Actions