FYI the release page Zach set for fleetdm.com returns a 404
a
Andrew Baker
12/09/2022, 4:07 PM
Thanks for pointing this out! Here's a bit more information:
This patch release upgrades the Go version used in Fleet to address CVE-2022-41720 and CVE-2022-41717. While we believe these to be low-no impact to Fleet instances, we'd like you to avoid potential Denial of Service attacks or unrestricted file system access and feel that this is an important security fix.
cc: @zwass
z
zwass
12/09/2022, 4:08 PM
Ah thank you for pointing this out. Changing it to the GitHub URL since we don't do blog posts for patch releases.