We found the patch versions not appeared in Golang Index. #62
Closed
Silence-worker-02
started this conversation in
General
Replies: 1 comment
-
Thanks for the information! I believe this was caused due to the module url in go.mod being unversioned, while go-camo itself is 2.x (when a version is abscent, "v1" is assumed by Output after fixing go.mod: $ go list -m -u
github.com/cactus/go-camo/v2
$ curl -s https://proxy.golang.org/github.com/cactus/go-camo/v2/@latest
{"Version":"v2.4.4","Time":"2023-07-25T20:55:54Z","Origin":{"VCS":"git","URL":"https://github.com/cactus/go-camo","Ref":"refs/tags/v2.4.4","Hash":"4c82dc08e73d6182be4ef3e7e2ec4e9015081440"}}
$ go install -v github.com/cactus/go-camo/v2/cmd/go-camo@latest
go: downloading github.com/cactus/go-camo/v2 v2.4.4 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, we are a research team working on Golang. During our investigation, we discovered that the CVE-2019-18923 was addressed and the patch versions were released. However, we noticed that these patch versions have not appeared in the Golang Index, which means that 'go list' cannot automatically push the patch versions to downstream users.
We recommend that after releasing the versions, this will enable the automatic distribution of the patch versions to downstream users. Thank you for your attention.
Beta Was this translation helpful? Give feedback.
All reactions