Hi I would like to follow up a bit on this comment...
# flytekith
honnix
08/29/2023, 9:24 AMHi I would like to follow up a bit on this comment https://github.com/flyteorg/flytekit/pull/1769#issuecomment-1691372912. How critical is the bug compared to the security issue? Thanks.
k
Ketan (kumare3)
08/29/2023, 1:48 PM
Cc @Yee do you know
y
Yee
08/29/2023, 5:04 PM
actually this is the issue https://github.com/grpc/grpc/issues/33935
Yee
08/29/2023, 5:06 PM
and if you could bump that more @honnix that would be great, we need more clout behind that ticket
h
honnix
08/30/2023, 7:18 AMI've managed to get another engineer on our side to bump the issue đŸ˜„ I will upvote it as well.
honnix
08/30/2023, 7:19 AMSo, this issue is indeed considered to be more important than the CVE, from flytekit perspective, is that correct?
k
Ketan (kumare3)
08/30/2023, 3:22 PM
Let’s post it in the community and ask everyone to upvote
y
Yee
08/30/2023, 5:51 PM
@honnix yeah it’s a correctness issue… it just fails in certain set-up configurations.
h
honnix
08/30/2023, 6:45 PMI see. If the impact is not wide spread, would it make sense to ask users to have the version pinned only for those set-up configurations? The CVE looks pretty serious according to Snyk.