[PR #3887] [CLOSED] Update go-jose and crypto version #4860

New issue

Closed

opened 2026-05-05 14:50:09 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 14:50:09 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/3887
Author: @YouZiFeiLe
Created: 12/22/2023
Status: ❌ Closed

Base: dev ← Head: securityupgrade

📝 Commits (1)

72c5642 Update go.mod

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 go.mod (+2 -2)

📄 Description

WHY

After conducting a security scan on the current version of frp, I found that there are security issues in the Golang dependencies go-jose and crypto, corresponding to https://github.com/advisories/GHSA-2c7c-3mj9-8fqh and https://github.com/advisories/GHSA-45x7-px36-x8w8⁠, respectively.

Below is the description corresponding to the vulnerabilities.
https://scout.docker.com/v/GHSA-2c7c-3mj9-8fqh?utm_source=hub&utm_medium=ExternalLink
https://scout.docker.com/v/CVE-2023-48795?utm_source=hub&utm_medium=ExternalLink

The security vulnerability in go-jose has been fixed in version 3.0.1.
The security vulnerability in crypto has been fixed in version 0.17.0.

issues link:
https://github.com/fatedier/frp/issues/3886

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/3887 **Author:** [@YouZiFeiLe](https://github.com/YouZiFeiLe) **Created:** 12/22/2023 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `securityupgrade` --- ### 📝 Commits (1) - [`72c5642`](https://github.com/fatedier/frp/commit/72c5642b4a98af8fb77a736303742ba3b713a28f) Update go.mod ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+2 -2) </details> ### 📄 Description ### WHY After conducting a security scan on the current version of frp, I found that there are security issues in the Golang dependencies go-jose and crypto, corresponding to https://github.com/advisories/GHSA-2c7c-3mj9-8fqh and https://github.com/advisories/GHSA-45x7-px36-x8w8⁠, respectively. Below is the description corresponding to the vulnerabilities. https://scout.docker.com/v/GHSA-2c7c-3mj9-8fqh?utm_source=hub&utm_medium=ExternalLink https://scout.docker.com/v/CVE-2023-48795?utm_source=hub&utm_medium=ExternalLink The security vulnerability in go-jose has been fixed in version 3.0.1. The security vulnerability in crypto has been fixed in version 0.17.0. **issues link:** https://github.com/fatedier/frp/issues/3886  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>