security: update go version to 1.20.4 (#17240)

* update go version to 1.20.3 * add changelog * rename changelog file to remove underscore * update to use 1.20.4 * update change log entry to reflect 1.20.4
hashicorp · May 8, 2023 · 8d21467 · 8d21467
1 parent 42690d9
commit 8d21467
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 11 deletions.
diff --git a/.changelog/17240.txt b/.changelog/17240.txt
@@ -0,0 +1,12 @@
+```release-note:security
+Upgrade to use Go 1.20.4.
+This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
+[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
+[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
+[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`).
+Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721
+](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w
+), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
+](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
+.)
+```
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -80,15 +80,15 @@ jobs:
     strategy:
       matrix:
         include:
-          - {go: "1.20.1", goos: "linux", goarch: "386"}
-          - {go: "1.20.1", goos: "linux", goarch: "amd64"}
-          - {go: "1.20.1", goos: "linux", goarch: "arm"}
-          - {go: "1.20.1", goos: "linux", goarch: "arm64"}
-          - {go: "1.20.1", goos: "freebsd", goarch: "386"}
-          - {go: "1.20.1", goos: "freebsd", goarch: "amd64"}
-          - {go: "1.20.1", goos: "windows", goarch: "386"}
-          - {go: "1.20.1", goos: "windows", goarch: "amd64"}
-          - {go: "1.20.1", goos: "solaris", goarch: "amd64"}
+          - {go: "1.20.4", goos: "linux", goarch: "386"}
+          - {go: "1.20.4", goos: "linux", goarch: "amd64"}
+          - {go: "1.20.4", goos: "linux", goarch: "arm"}
+          - {go: "1.20.4", goos: "linux", goarch: "arm64"}
+          - {go: "1.20.4", goos: "freebsd", goarch: "386"}
+          - {go: "1.20.4", goos: "freebsd", goarch: "amd64"}
+          - {go: "1.20.4", goos: "windows", goarch: "386"}
+          - {go: "1.20.4", goos: "windows", goarch: "amd64"}
+          - {go: "1.20.4", goos: "solaris", goarch: "amd64"}
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -177,7 +177,7 @@ jobs:
       matrix:
         goos: [ darwin ]
         goarch: [ "amd64", "arm64" ]
-        go: [ "1.20.1" ]
+        go: [ "1.20.4" ]
       fail-fast: true
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build

diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
@@ -1,4 +1,7 @@
-ARG GOLANG_VERSION=1.20.1
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+ARG GOLANG_VERSION=1.20.4
 FROM golang:${GOLANG_VERSION}
 
 WORKDIR /consul