MinatoWu opened a new pull request, #820:
URL: https://github.com/apache/incubator-seata-go/pull/820

This commit fixes a security vulnerability in Go's official standard library dependency:

Bug ID: [GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687)
Vulnerability module: golang.org/x/net
Affected versions: v0.17.0 and below
Fixed version: v0.23.0 and above
Vulnerability Description: An attacker could launch a Flood attack in HTTP/2 requests by constructing a large number of invalid CONTINUATION frames, causing server-side resource exhaustion and thus causing a denial of service (DoS).
Fix: Upgrade golang.org/x/net module from v0.17.0 to security version v0.23.0 to introduce protection logic against CONTINUATION Flood.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@seata.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
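As an added example (not code from the pull request or from seata-go), the following Go program checks whether a go.mod requires `golang.org/x/net` below the fixed version v0.23.0 named in the description above. The go.mod fragment is constructed for illustration, and `parseVersion` and `belowFixed` are hypothetical helper names.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.mod fragment for illustration; not the project's real file.
const sampleGoMod = `module example.com/demo
require (
	github.com/stretchr/testify v1.8.4
	golang.org/x/net v0.17.0 // indirect
)
`

// parseVersion reads the numeric core of "vMAJOR.MINOR.PATCH"; suffixes are ignored.
func parseVersion(v string) (p [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &p[0], &p[1], &p[2])
	return p, err
}

// belowFixed returns (below, found, err): whether gomod requires module at a
// version lower than fixed, and whether it is listed. replace directives are not evaluated.
func belowFixed(gomod, module, fixed string) (bool, bool, error) {
	want, err := parseVersion(fixed)
	if err != nil {
		return false, false, err
	}
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(f) < 2 || f[0] != module {
			continue
		}
		got, err := parseVersion(f[1])
		for i := 0; err == nil && i < 3; i++ {
			if got[i] != want[i] {
				return got[i] < want[i], true, nil
			}
		}
		return false, true, err
	}
	return false, false, sc.Err()
}

func main() {
	fmt.Println(belowFixed(sampleGoMod, "golang.org/x/net", "v0.23.0"))
}
```

This only inspects the version string in go.mod; it does not tell you whether the affected HTTP/2 code is actually reachable from the build.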

