[GODRIVER-1675] Ensure driver relies on x/text version 0.3.3 or higher to address security vulnerability Created: 07/Jul/20  Updated: 28/Oct/23  Resolved: 07/Jul/20

Status: Closed
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.3.5

Type: Task Priority: Major - P3
Reporter: Divjot Arora (Inactive) Assignee: Divjot Arora (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040 describes a security vulnerability in the x/text package. We should upgrade to version the latest stable version. The vulnerability was fixed in v0.3.3 according to the CVE.



 Comments   
Comment by Githook User [ 07/Jul/20 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1675 Update x/text version to v0.3.3
Branch: release/1.3
https://github.com/mongodb/mongo-go-driver/commit/9f3c6c75b6210334167dd02772933fae183e8c67

Comment by Githook User [ 07/Jul/20 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1675 Run go mod vendor

This was necessary to update the vendored version of x/text.
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/9272366593d8acd4682292c6d99b2032afcc6842

Comment by Githook User [ 07/Jul/20 ]

Author:

{'name': 'Divjot Arora', 'email': 'divjot.arora@10gen.com', 'username': 'divjotarora'}

Message: GODRIVER-1675 Update x/text version to v0.3.3 (#440)
Branch: master
https://github.com/mongodb/mongo-go-driver/commit/d4eaf2d9a1c547610ac0e8c1734592fd64f2d878

Comment by Divjot Arora (Inactive) [ 07/Jul/20 ]

https://github.com/mongodb/mongo-go-driver/pull/440

Generated at Thu Feb 08 08:36:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.