Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manual backport of [NET-4865] security: Upgrade Go and net/http CVE-2023-29406 into release/1.1.x #221

Conversation

zalimeni
Copy link
Member

Manual backport of #219.

zalimeni added 2 commits July 25, 2023 11:23
Upgrade to Go 1.20.6 and `net/http` 1.12.0 to resolve CVE-2023-29406.
Avoid testcontainers breakage due to validation added in Go 1.20.6 until
that issue is resolved. Keep the global version bump to 1.20.6 to
resolve CVEs.
@zalimeni zalimeni requested a review from a team July 25, 2023 15:24
@zalimeni zalimeni requested a review from a team as a code owner July 25, 2023 15:24
@zalimeni zalimeni requested review from modrake, alvin-huang and curtbushko and removed request for a team July 25, 2023 15:24
@zalimeni zalimeni enabled auto-merge July 25, 2023 15:33
@zalimeni zalimeni merged commit b9de6ab into release/1.1.x Jul 25, 2023
@zalimeni zalimeni deleted the backport/zalimeni/net-4865-bump-go-net_http-cve/manual-1.1.x branch July 25, 2023 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants