Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang version to 1.21.8 #17533

Closed
ivanvc opened this issue Mar 6, 2024 · 4 comments · Fixed by #17542
Closed

Bump golang version to 1.21.8 #17533

ivanvc opened this issue Mar 6, 2024 · 4 comments · Fixed by #17542
Assignees
@liangyuanpeng
Labels
area/security area/tooling help wanted type/feature

Comments

@ivanvc
Copy link
Member

ivanvc commented Mar 6, 2024

What would you like to be added?

While working on another PR, I noticed several CVEs in the dependencies, some of which were addressed in Go 1.21.8, released today.

List of CVEs fixed in 1.21.8:

Why is this needed?

To address the published vulnerabilities.
@liangyuanpeng
Copy link
Contributor

/assign

This was referenced Mar 6, 2024
Merged
Merged
Closed
@ahrtr
Copy link
Member

ahrtr commented Mar 6, 2024

Please also update the changelog for both 3.4 and 3.5. Thanks.

This was referenced Mar 6, 2024
Merged
Merged
This was referenced Mar 6, 2024
Closed
Closed
@ivanvc
Copy link
Member Author

ivanvc commented Mar 6, 2024

I opened two PRs to address bbolt and raft.

@ahrtr
Copy link
Member

ahrtr commented Mar 6, 2024

I opened two PRs to address bbolt and raft.

Please read #17348 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liangyuanpeng liangyuanpeng

Labels
area/security area/tooling help wanted type/feature
Milestone
No milestone
4 participants
@ivanvc @liangyuanpeng @ahrtr @jmhbnz