backport of commit 112d1d6

hashicorp · Apr 23, 2023 · cd3f552 · cd3f552
1 parent 7d098bd
commit cd3f552
Show file tree

Hide file tree

Showing 125 changed files with 1,619 additions and 6,727 deletions.
diff --git a/.changelog/1914.txt b/.changelog/1914.txt
diff --git a/.changelog/1920.txt b/.changelog/1920.txt
diff --git a/.changelog/1975.txt b/.changelog/1975.txt
diff --git a/.changelog/2068.txt b/.changelog/2068.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+sync-catalog: fix issue where the sync-catalog ACL token were set with an incorrect ENV VAR.
+```
diff --git a/.changelog/2083.txt b/.changelog/2083.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix issue where the API Gateway controller is unable to start up successfully when Vault is configured as the secrets backend
+```
diff --git a/.changelog/2108.txt b/.changelog/2108.txt
@@ -0,0 +1,12 @@
+```release-note:security
+Upgrade to use Go 1.19.9.
+This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
+[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
+[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
+[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`).
+Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41721
+](https://github.com/advisories/GHSA-fxg5-wq6x-vr4w
+), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
+](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
+.)
+```