Commit b5acf4d
committed
fix(controlplane): upgrade Atlas image to fix critical gRPC CVE
Upgrade Atlas from v1.1.7-0f00ade-canary to v1.1.7-2e53571-canary
which ships google.golang.org/grpc v1.79.3+, fixing GHSA-p77j-4mvh-x3m3
(Critical, CVSS 9.1) — gRPC-Go authorization bypass via missing leading
slash in :path header.
Closes #2941
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>1 parent 62867c0 commit b5acf4d
1 file changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
4 | | - | |
5 | | - | |
6 | | - | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| |||
0 commit comments