Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump @aws-sdk/signature-v4-crt to >=3.54.1 if you have a direct dependency #3447

Closed
trivikr opened this issue Mar 18, 2022 · 1 comment
Closed

Bump @aws-sdk/signature-v4-crt to >=3.54.1 if you have a direct dependency #3447

trivikr opened this issue Mar 18, 2022 · 1 comment

Comments

@trivikr
Copy link
Member

trivikr commented Mar 18, 2022

A Denial-of-service certificate flaw was found in OpenSSL and patched on 3/15.

While the chance of an attacker exploiting this flaw through @aws-sdk/signature-v4-crt is low, we recommend you to update it to >=v3.54.1 if you have a direct dependency on it.

Related issue about need of adding direct dependency on @aws-sdk/signature-v4-crt #2822
@trivikr trivikr pinned this issue Mar 18, 2022
@trivikr trivikr closed this as completed Apr 8, 2022
@trivikr trivikr unpinned this issue Apr 8, 2022
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@trivikr