
[BUG] Discrepancy between security reports?

Open fragglet opened this issue 6 months ago • 1 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

Current Behavior

Hi, GHSA-rq77-p4h8-4crw on this repository says that 1.7.2 contains the fix for the vulnerability, but GO-2025-3607 says that 1.7.3 contains the fix. Since the v.1.7.3 release announcement references the vulnerability, I assume that the GHSA advisory is incorrect and should be fixed?

Expected Behavior

No response

Steps To Reproduce

No response

Anything else?

No response

fragglet, Jul 28 '25 14:07

@apoorvajagtap I think this issue was fixed in 1.7.3, right? If so, could you update the advisory with a patched version and affected versions < 1.7.3?

tommydehaas, Sep 05 '25 07:09