Skip to content

[Deepin Integration]~[v25-Release] fix(golang-github-hashicorp-go-retryablehttp): CVE-2024-6104 by deepin-ci-robot@deepin-community/golang-github-hashicorp-go-retryablehttp by deepin-community-ci-bot[bot] #13154

Open
Open
[Deepin Integration]~[v25-Release] fix(golang-github-hashicorp-go-retryablehttp): CVE-2024-6104 by deepin-ci-robot@deepin-community/golang-github-hashicorp-go-retryablehttp by deepin-community-ci-bot[bot]#13154
Assignees
xuqi27837288
Labels
Project:integrated集成管理相关security
Milestone
v25-Release
@deepin-bot

Description

@deepin-bot
deepin-bot
bot
opened on Apr 30, 2026

Package information | 软件包信息

包名 版本
golang-github-hashicorp-go-retryablehttp 0.7.0-1deepin1

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-3918/testing/ ./

Changelog | 更新信息

golang-github-hashicorp-go-retryablehttp (0.7.0-1deepin1) unstable; urgency=medium

  • Fix CVE-2024-6104: URL basic auth credentials leak in logs.
    • Add redactURL function to redact sensitive information from URLs
      before logging, preventing exposure of HTTP basic auth credentials.
    • Backport fix from upstream commit b2aee50.

Metadata

Metadata

Assignees

Labels

Project:integrated集成管理相关security

Type

No type

Projects

集成管理

Status

In progress

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions