github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Backport of [NET-8368] security: bump Go version to 1.21.8 into release/1.17.x (#20855) 

* backport of commit d65cacc7a6

* backport of commit 60ab1568ca

---------

Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
pull/20862/head
hc-github-team-consul-core 2024-03-14 10:04:46 -04:00 committed by GitHub
parent 861849be3f
commit 33b94d8880
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.changelog/20812.txt Normal file
View File

@ -0,0 +1,14 @@
```release-note:security
Upgrade to use Go `1.21.8`. This resolves CVEs
[CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`).
[CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`).
[CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`).
[CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`).
[CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`).
```
```release-note:security
Update the Consul Build Go base image to `alpine3.19`. This resolves CVEs
[CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425)
[CVE-2023-52426](https://nvd.nist.gov/vuln/detail/CVE-2023-52426)
```

2
.go-version
View File

@ -1 +1 @@
1.21.7 1.21.8

2
build-support/docker/Build-Go.dockerfile
View File

@ -2,6 +2,6 @@
# SPDX-License-Identifier: BUSL-1.1 # SPDX-License-Identifier: BUSL-1.1
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION} FROM golang:${GOLANG_VERSION}-alpine3.19
WORKDIR /consul WORKDIR /consul