GHSA-h3q2-8whx-c29h, CVE-2024-23840
go/github.com/goreleaser/goreleaser
Insertion of Sensitive Information into Log File
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug
log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.
Version 1.23.0
Upgrade to version 1.24.0 or above.
2024-01-31
source |