cve-2024-45337

[brunomurino]

Hi everyone,

We are using the docker image ghcr.io/drakkan/sftpgo:v2.6.4-plugins, and our security tool flagged this CVE on usr/local/bin/sftpgo-plugin-eventstore/PkgId:golang.org/x/[email protected].

Does anyone know if this actually impacts SFTPGo or if there are any mitigations in the code already, and if not, then how could I mitigate this one?

Many thanks!

[drakkan]

Thank you for using SFTPGo, we offer commercial plans if you want to use a supported copy of SFTPGo and/or need advice, support or warranties, as long as you use SFTPGo for free you must be able to self-support. Furthermore, if everyone used SFTPGo for free, the project would be abandoned in a few years because development and maintenance would not be sustainable. Thank you for your understanding and sorry for not answering your question