Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dependencies: allowlist CVE-2020-8277 to prevent false positives. #14228

Merged
merged 1 commit into from
Dec 1, 2020

Conversation

htuch
Copy link
Member

@htuch htuch commented Dec 1, 2020

The CVE scanner is alerting on CVE-2020-8277 despite the c-ares
upgrade in #14213, since the CVE applies to nodejs (and http-parser)
rather than c-ares.

Signed-off-by: Harvey Tuch [email protected]

The CVE scanner is alerting on CVE-2020-8277 despite the c-ares
upgrade in envoyproxy#14213, since the CVE applies to nodejs (and http-parser)
rather than c-ares.

Signed-off-by: Harvey Tuch <[email protected]>
@htuch htuch merged commit ae7d841 into envoyproxy:master Dec 1, 2020
mpuncel added a commit to mpuncel/envoy that referenced this pull request Dec 2, 2020
* master: (70 commits)
  upstream: avoid reset after end_stream in TCP HTTP upstream (envoyproxy#14106)
  bazelci: add fuzz coverage (envoyproxy#14179)
  dependencies: allowlist CVE-2020-8277 to prevent false positives. (envoyproxy#14228)
  cleanup: replace ad-hoc [0, 1] value types with UnitFloat (envoyproxy#14081)
  Update docs for skywalking tracer (envoyproxy#14210)
  Fix some errors in the switch statement when decode dubbo response (envoyproxy#14207)
  Windows: enable tests and envoy-static.exe pdb file (envoyproxy#13688)
  http: add Kill Request HTTP filter (envoyproxy#14170)
  dependencies: fix release_dates error behavior. (envoyproxy#14216)
  thrift filter: support skip decoding data after metadata in the thrift message (envoyproxy#13592)
  update cares (envoyproxy#14213)
  docs: clarify behavior of hedge_on_per_try_timeout (envoyproxy#12983)
  repokitteh: add support for randomized auto-assign. (envoyproxy#14185)
  [grpc] validate grpc config for illegal characters (envoyproxy#14129)
  server: Return nullopt when process_context is nullptr (envoyproxy#14181)
  [Windows] Fix thrift proxy tests (envoyproxy#13220)
  kafka: add missing unit tests (envoyproxy#14195)
  doc: mention gperftools explicitly in PPROF.md (envoyproxy#14199)
  Removed `--use-fake-symbol-table` option. (envoyproxy#14178)
  filter contract: clarification around local replies (envoyproxy#14193)
  ...

Signed-off-by: Michael Puncel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants