Skip to content

update to go1.21.8#47502

Merged
vvoland merged 1 commit intomoby:masterfrom
vvoland:go-1.21.8
Mar 5, 2024
Merged

update to go1.21.8#47502
vvoland merged 1 commit intomoby:masterfrom
vvoland:go-1.21.8

Conversation

@vvoland
Copy link
Contributor

@vvoland vvoland commented Mar 5, 2024
edited
Loading

go1.21.8 (released 2024-03-05) includes 5 security fixes:

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- What I did

- How I did it

- How to verify it

- Description for the changelog

- Upgrade Go runtime to [1.21.8](https://go.dev/doc/devel/release#go1.21.8).

- A picture of a cute animal (not mandatory but encouraged)

@vvoland
update to go1.21.8
57b7ffa 
go1.21.8 (released 2024-03-05) includes 5 security fixes

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.1

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: golang/go@go1.21.7...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland added this to the 26.0.0 milestone Mar 5, 2024
@vvoland vvoland self-assigned this Mar 5, 2024
@vvoland vvoland requested a review from tianon as a code owner March 5, 2024 18:21
@vvoland vvoland marked this pull request as draft March 5, 2024 18:30
@vvoland vvoland mentioned this pull request Mar 5, 2024
Merged
@vvoland vvoland marked this pull request as ready for review March 5, 2024 19:57
thaJeztah
thaJeztah approved these changes Mar 5, 2024
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vvoland vvoland merged commit 460b4ae into moby:master Mar 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

+1 more reviewer

@sam-thibault sam-thibault sam-thibault approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@vvoland vvoland

Labels

area/dependencies impact/changelog process/cherry-picked status/2-code-review

Projects

None yet

Milestone

26.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@vvoland @thaJeztah @sam-thibault