github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

[NET-8368] security: bump Go version to 1.21.8 (#20812) 

* [NET-8368] Bump Go version
pull/20824/head
Deniz Onur Duzgun 8 months ago committed by GitHub
parent
bfbc0ee4fd
commit
e9029ccd7a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      .changelog/20812.txt
  2. 2
      .go-version
  3. 2
      build-support/docker/Build-Go.dockerfile

14
.changelog/20812.txt
Unescape View File

@ -0,0 +1,14 @@
```release-note:security
Upgrade to use Go `1.21.8`. This resolves CVEs
[CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`).
[CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`).
[CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`).
[CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`).
[CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`).
```
```release-note:security
Update the Consul Build Go base image to `alpine3.19`. This resolves CVEs
[CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425)
[CVE-2023-52426](https://nvd.nist.gov/vuln/detail/CVE-2023-52426)
```

2
.go-version
Unescape View File

@ -1 +1 @@
1.21.7 1.21.8

2
build-support/docker/Build-Go.dockerfile
Unescape View File

@ -2,6 +2,6 @@
# SPDX-License-Identifier: BUSL-1.1 # SPDX-License-Identifier: BUSL-1.1
ARG GOLANG_VERSION ARG GOLANG_VERSION
FROM golang:${GOLANG_VERSION} FROM golang:${GOLANG_VERSION}-alpine3.19
WORKDIR /consul WORKDIR /consul

Write Preview
Loading…
Cancel
Save