Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vulnerability warning CVE-2022-2097 #195

Closed
eli-darkly opened this issue Jul 11, 2022 · 1 comment
Closed

vulnerability warning CVE-2022-2097 #195

eli-darkly opened this issue Jul 11, 2022 · 1 comment

Comments

@eli-darkly
Copy link
Contributor

LD has opened this issue to let everyone know that we're aware of this vulnerability report, and we will release a patch version of our Docker image to address it as soon as possible.

It's our policy to make any necessary dependency/platform updates for such issues no matter what, but we also look into the details to determine how much of an actual risk these represent, if any, to Relay Proxy installations that are currently running. Here is our analysis:

  • We do not think this openssl vulnerability applies to the Relay Proxy. For making or receiving secure connections, the Relay Proxy does not use openssl; instead it uses the Go runtime's TLS implementation.
Merged
@eli-darkly
Copy link
Contributor Author

This is fixed in the 6.7.10 release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eli-darkly