github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,131 Commits
32 Branches
863 Tags
625 MiB
Commit Graph

3 Commits (9bd4c8a9fc2b153c29fab48d4ffc643ca8cec91b)

Author SHA1 Message Date
Brad Davidson 239021e759 Consistently use constant-time comparison of password hashes 
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-05-09 13:54:50 -07:00
Derek Nola f2bde63eea
Kubernetes v1.27.1 (#7271) 
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR

Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-18 21:48:36 -07:00
Erik Wilson acc42874d8
Add k8s.io/apiserver/plugins/pkg/authenticator from release-1.18 2020-08-28 17:18:34 -07:00