Affected by GO-2023-1829 and 2 other vulnerabilities

GO-2023-1829: Notation vulnerable to denial of service from high number of artifact signatures in github.com/notaryproject/notation

GO-2023-1831: Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack in github.com/notaryproject/notation

GO-2024-2472: Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

The highest tagged major version is v2.

version

package

v0.11.0-alpha.4 Latest Latest Go to latest Published: Oct 12, 2022 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/notaryproject/notation

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// Version shows the current notation version, optionally with pre-release.
	Version = "v0.11.0-alpha.4"

	// BuildMetadata stores the build metadata.
	BuildMetadata = "unreleased"
)

Functions ¶

func GetVersion ¶

func GetVersion() string

GetVersion returns the version string in SemVer 2.

Types ¶

This section is empty.

Source Files ¶

View all Source files

version.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL