Skip to content

v1.2.4
Compare
Choose a tag to compare
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 18 Dec 15:59
v1.2.4
3ce6130
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

1.2.4 (December 18, 2023)

SECURITY:

  • Upgrade to use Go 1.20.12. This resolves CVEs
    CVE-2023-45283: (path/filepath) recognize ??\ as a Root Local Device path prefix (Windows)
    CVE-2023-45284: recognize device names with trailing spaces and superscripts (Windows)
    CVE-2023-39326: (net/http) limit chunked data overhead
    CVE-2023-45285: (cmd/go) go get may unexpectedly fallback to insecure git [GH-353]

BUG FIXES:

  • Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [GH-357]
Assets 2
Loading