cve-2024-45337 #1849
Unanswered
brunomurino
asked this question in
Q&A
cve-2024-45337
#1849
Replies: 1 comment
-
|
Thank you for using SFTPGo, we offer commercial plans if you want to use a supported copy of SFTPGo and/or need advice, support or warranties, as long as you use SFTPGo for free you must be able to self-support. Furthermore, if everyone used SFTPGo for free, the project would be abandoned in a few years because development and maintenance would not be sustainable. Thank you for your understanding and sorry for not answering your question |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi everyone,
We are using the docker image
ghcr.io/drakkan/sftpgo:v2.6.4-plugins, and our security tool flagged this CVE onusr/local/bin/sftpgo-plugin-eventstore/PkgId:golang.org/x/crypto@v0.29.0.Does anyone know if this actually impacts SFTPGo or if there are any mitigations in the code already, and if not, then how could I mitigate this one?
Many thanks!
Beta Was this translation helpful? Give feedback.
All reactions