[Cherrypick to v2.11] bump up beego to v2.2.1 (#20555) #21000
bump up beego v2.2.1

Co-authored-by: yminer <yminer@vmware.com>
Signed-off-by: Mate Hajnal <hajnalmt@gmail.com>
This is not in our plan for 2.11. So will close this for now.
@MinerYang, why is that not a good fix for 2.11.x and good for 2.12.x?
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## release-2.11.0 #21000 +/- ##
=================================================
Coverage ? 66.33%
=================================================
Files ? 1044
Lines ? 113939
Branches ? 2845
=================================================
Hits ? 75577
Misses ? 34241
Partials ? 4121
To avoid any uncertainty in the Harbor patch release, we prefer not to upgrade the minor version of Beego; instead, we would like to stick with the patch release. Upgrading to a minor release would introduce code changes that we would like to avoid. To address the CVEs, I will discuss with the Beego maintainer to see if they can provide a patch for Harbor. If they are unable to assist, we can consider merging this PR. @Vad1mo
Let's merge this PR to fix CVEs in v2.11.2
Bump up beego v2.2.1
Comprehensive Summary of your change
Cherry-picking MinerYang's commit:
https://github.com/goharbor/harbor/pull/20555/files
There were High security vulnerabilities in the beego versions <2.2.1
GHSA-wr3p-r5fj-wf9
GHSA-r6qh-j42j-pw64
I've checked and it seems none of them affects Harbor. Please confirm my take on this one.
Even though this does not affect Harbor, it would be nice to have this in at least the latest release.