Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[NET-8946 NET-8947 NET-8948] security: bump go, x/net and envoy versions #474

Merged
merged 3 commits into from
Apr 11, 2024

Conversation

dduzgun-security
Copy link
Collaborator

@dduzgun-security dduzgun-security commented Apr 10, 2024

Description
Upgrade to use Go 1.21.9. This resolves CVEs
CVE-2023-45288 (http2).

Upgrade to support Envoy 1.28.2. This resolves CVEs
CVE-2024-27919 (http2).

Upgrade to use golang.org/x/net v0.24.0. This resolves CVEs
CVE-2023-45288 (x/net).

Checklist
Tests added
CHANGELOG entry added

@dduzgun-security dduzgun-security changed the title security: bump go, x/net and envoy versions [NET-8946 NET-8947 NET-8948] security: bump go, x/net and envoy versions Apr 10, 2024
Dockerfile Outdated Show resolved Hide resolved
@dduzgun-security dduzgun-security marked this pull request as ready for review April 10, 2024 15:51
@dduzgun-security dduzgun-security requested a review from a team as a code owner April 10, 2024 15:51
Copy link
Member

@zalimeni zalimeni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @dduzgun-security ! As w/ hashicorp/consul-k8s#3893, we'll want to backport this through 1.1.x.

Dockerfile Outdated Show resolved Hide resolved
@zalimeni zalimeni added backport/1.1 Changes are backported to 1.1 backport/1.2 backport/1.4 Changes are backported to 1.4 labels Apr 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/1.1 Changes are backported to 1.1 backport/1.4 Changes are backported to 1.4
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants