Hi I would like to follow up a bit on this comment...
# flytekits
steep-jackal-21573
08/29/2023, 9:24 AMHi I would like to follow up a bit on this comment https://github.com/flyteorg/flytekit/pull/1769#issuecomment-1691372912. How critical is the bug compared to the security issue? Thanks.
f
freezing-airport-6809
08/29/2023, 1:48 PM
Cc @thankful-minister-83577 do you know
t
thankful-minister-83577
08/29/2023, 5:04 PM
actually this is the issue https://github.com/grpc/grpc/issues/33935
thankful-minister-83577
08/29/2023, 5:06 PM
and if you could bump that more @steep-jackal-21573 that would be great, we need more clout behind that ticket
s
steep-jackal-21573
08/30/2023, 7:18 AMI've managed to get another engineer on our side to bump the issue 😄 I will upvote it as well.
steep-jackal-21573
08/30/2023, 7:19 AMSo, this issue is indeed considered to be more important than the CVE, from flytekit perspective, is that correct?
f
freezing-airport-6809
08/30/2023, 3:22 PM
Let’s post it in the community and ask everyone to upvote
👍 1
t
thankful-minister-83577
08/30/2023, 5:51 PM
@steep-jackal-21573 yeah it’s a correctness issue… it just fails in certain set-up configurations.
s
steep-jackal-21573
08/30/2023, 6:45 PMI see. If the impact is not wide spread, would it make sense to ask users to have the version pinned only for those set-up configurations? The CVE looks pretty serious according to Snyk.