Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade go.opentelemetry.io/proto #2724

Closed
MrAlias opened this issue Mar 24, 2022 · 1 comment · Fixed by #2728
Closed

Upgrade go.opentelemetry.io/proto #2724

MrAlias opened this issue Mar 24, 2022 · 1 comment · Fixed by #2728

Comments

@MrAlias
Copy link
Contributor

MrAlias commented Mar 24, 2022

open-telemetry/opentelemetry-proto-go#46 addresses the security vulnerability identified in open-telemetry/opentelemetry-proto-go#45.

We need to upgrade to the latest release of go.opentelemetry.io/proto once open-telemetry/opentelemetry-proto-go#46 is merged and release a fix.

This will likely require us to drop support for Go 1.16 prior to our stated support schedule (3 months). This was discussed at the latest SIG meeting and deemed worth the accelerated timeline as it will address a security vulnerability.

@MrAlias MrAlias added this to the Release v1.7.0 milestone Mar 24, 2022
@MrAlias
Copy link
Contributor Author

MrAlias commented Mar 24, 2022

open-telemetry/opentelemetry-proto-go#46 looks like it should be able to resolve the upgrade but maintain Go version support.

MrAlias added a commit to MrAlias/opentelemetry-go that referenced this issue Mar 25, 2022
MrAlias added a commit that referenced this issue Mar 27, 2022
* Upgrade go.opentelemetry.io/proto/otlp v0.12.0 -> v0.12.1

Fix #2724

* Update changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant