Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
k
Keith Swagler
12/09/2022, 1:04 PMFYI the release page Zach set for fleetdm.com returns a 404
a
Andrew Baker
12/09/2022, 4:07 PMThanks for pointing this out! Here's a bit more information:
This patch release upgrades the Go version used in Fleet to address CVE-2022-41720 and CVE-2022-41717. While we believe these to be low-no impact to Fleet instances, we'd like you to avoid potential Denial of Service attacks or unrestricted file system access and feel that this is an important security fix.
cc: @zwass
z
zwass
12/09/2022, 4:08 PMAh thank you for pointing this out. Changing it to the GitHub URL since we don't do blog posts for patch releases.