github.com/golang-jwt/jwt/v4 - version #19219

dhamahes · 2025-01-17T14:20:51Z

Bug report criteria

This bug report is not security related, security issues should be disclosed privately via etcd maintainers.
This is not a support request or question, support requests or questions should be raised in the etcd discussion forums.
You have read the etcd bug reporting guidelines.
Existing open issues along with etcd frequently asked questions have been checked and this is not a duplicate.

What happened?

I have noted that github.com/golang-jwt/jwt/v4 - version 4.5.1 is available in the latest source code.
We are using etcd version 3.5.17 which has 4.4.2 which has now raised vulnerability.
Wanted to know when new version etcd will be release with github.com/golang-jwt/jwt/v4 -4.5.1 version

What did you expect to happen?

I have noted that github.com/golang-jwt/jwt/v4 - version 4.5.1 is available in the latest source code.
We are using etcd version 3.5.17 which has 4.4.2 which has now raised vulnerability.
Wanted to know when new version etcd will be release with github.com/golang-jwt/jwt/v4 -4.5.1 version

How can we reproduce it (as minimally and precisely as possible)?

I have noted that github.com/golang-jwt/jwt/v4 - version 4.5.1 is available in the latest source code.
We are using etcd version 3.5.17 which has 4.4.2 which has now raised vulnerability.
Wanted to know when new version etcd will be release with github.com/golang-jwt/jwt/v4 -4.5.1 version

Anything else we need to know?

No response

Etcd version (please run commands below)

./etcd -version
etcd Version: 3.5.14
Git SHA: bf51a53
Go Version: go1.21.10
Go OS/Arch: linux/amd64

Etcd configuration (command line flags or environment variables)

paste your configuration here

Etcd debug information (please run commands below, feel free to obfuscate the IP address or FQDN in the output)

$ etcdctl member list -w table
# paste output here

$ etcdctl --endpoints=<member list> endpoint status -w table
# paste output here

Relevant log output

The text was updated successfully, but these errors were encountered:

ahrtr · 2025-01-17T16:28:26Z

cc @ivanvc

ivanvc · 2025-01-17T19:09:31Z

Hi @dhamahes, thanks for reporting this. We'll release this update in 3.5.18. Reference: #18898 / #18901.

I'll close this issue once we do the 3.5.18 release.

Link to #19119

dhamahes added the type/bug label Jan 17, 2025

ahrtr added area/security release/v3.5 labels Jan 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

github.com/golang-jwt/jwt/v4 - version #19219

github.com/golang-jwt/jwt/v4 - version #19219

dhamahes commented Jan 17, 2025

paste your configuration here

ahrtr commented Jan 17, 2025

ivanvc commented Jan 17, 2025 •

edited

Loading

github.com/golang-jwt/jwt/v4 - version #19219

github.com/golang-jwt/jwt/v4 - version #19219

Comments

dhamahes commented Jan 17, 2025

Bug report criteria

What happened?

What did you expect to happen?

How can we reproduce it (as minimally and precisely as possible)?

Anything else we need to know?

Etcd version (please run commands below)

Etcd configuration (command line flags or environment variables)

paste your configuration here

Etcd debug information (please run commands below, feel free to obfuscate the IP address or FQDN in the output)

Relevant log output

ahrtr commented Jan 17, 2025

ivanvc commented Jan 17, 2025 • edited Loading

ivanvc commented Jan 17, 2025 •

edited

Loading