Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update to go1.21.8 #47502

Merged
merged 1 commit into from
Mar 5, 2024
Merged

update to go1.21.8 #47502

merged 1 commit into from
Mar 5, 2024
+8 −8

Conversation

vvoland
Copy link
Contributor

@vvoland vvoland commented Mar 5, 2024
edited
Loading

go1.21.8 (released 2024-03-05) includes 5 security fixes:

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- What I did

- How I did it

- How to verify it

- Description for the changelog

- Upgrade Go runtime to [1.21.8](https://go.dev/doc/devel/release#go1.21.8).

- A picture of a cute animal (not mandatory but encouraged)

@vvoland
update to go1.21.8
Loading
Loading status checks…
57b7ffa 
go1.21.8 (released 2024-03-05) includes 5 security fixes

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.1

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: golang/go@go1.21.7...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland added this to the 26.0.0 milestone Mar 5, 2024
@vvoland vvoland self-assigned this Mar 5, 2024
@vvoland vvoland requested a review from tianon as a code owner March 5, 2024 18:21
@vvoland vvoland marked this pull request as draft March 5, 2024 18:30
@vvoland vvoland mentioned this pull request Mar 5, 2024
Merged
@vvoland vvoland marked this pull request as ready for review March 5, 2024 19:57
thaJeztah
thaJeztah approved these changes Mar 5, 2024
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vvoland vvoland merged commit 460b4ae into moby:master Mar 5, 2024
155 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah

@sam-thibault sam-thibault

@tianon tianon

Assignees

@vvoland vvoland

Labels
area/dependencies impact/changelog process/cherry-picked status/2-code-review
Projects
None yet
Milestone
26.0.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@vvoland @thaJeztah @sam-thibault