highperfocused/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-09-29 16:53:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

mod:replace mongo driver to address CVE-2021-20329

Browse Source 
* The mongo driver has CVE https://github.com/advisories/GHSA-f6mq-5m25-4r72
* The mongo driver is an indirect reference and cannot be directly
upgraded.
* https://deps.dev/advisory/OSV/GO-2021-0112?from=%2Fgo%2Fgithub.com%252Flightningnetwork%252Flnd
* The fix will replace the reference of the library with the fixed
  version.
This commit is contained in:
naveen
2021-09-19 13:49:05 +00:00
parent c43b9e4fe7
commit 844dbc08e7
3 changed files with 62 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/release-notes/release-notes-0.14.0.md
View File

@@ -295,6 +295,8 @@ you.
* [Replace reference to XZ library with CVE](https://github.com/lightningnetwork/lnd/pull/5789)
* [Replace reference to mongo library with CVE](https://github.com/lightningnetwork/lnd/pull/5761)
* [Fixed restore backup file test flake with bitcoind](https://github.com/lightningnetwork/lnd/pull/5637).
* [Timing fix in AMP itest](https://github.com/lightningnetwork/lnd/pull/5725).