Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[25.0 backport] update to go1.21.8 #4919

Merged
merged 1 commit into from Mar 5, 2024
Merged

[25.0 backport] update to go1.21.8 #4919

merged 1 commit into from Mar 5, 2024

Conversation

vvoland
Copy link
Contributor

@vvoland vvoland commented Mar 5, 2024

go1.21.8 (released 2024-03-05) includes 5 security fixes:

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com

@vvoland
update to go1.21.8
a3b6c9e 
go1.21.8 (released 2024-03-05) includes 5 security fixes:

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: golang/go@go1.21.6...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3b77477)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland self-assigned this Mar 5, 2024
@codecov-commenter
Copy link

Codecov Report

Merging #4919 (a3b6c9e) into 25.0 (0735e78) will increase coverage by 0.00%.
Report is 17 commits behind head on 25.0.
The diff coverage is n/a.

Additional details and impacted files 
@@           Coverage Diff           @@
##             25.0    #4919   +/-   ##
=======================================
  Coverage   61.34%   61.35%           
=======================================
  Files         287      287           
  Lines       20088    20088           
=======================================
+ Hits        12322    12324    +2     
+ Misses       6871     6870    -1     
+ Partials      895      894    -1

thaJeztah
thaJeztah approved these changes Mar 5, 2024
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit b4b35de into docker:25.0 Mar 5, 2024
86 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees

@vvoland vvoland

Labels
area/packaging impact/changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vvoland @codecov-commenter @thaJeztah