Skip to content

Commit

Permalink
Bump version to v0.3.0
Browse files Browse the repository at this point in the history
  • Loading branch information
Wilken Rivera committed Jun 9, 2022
1 parent 73f8475 commit 9d151c7
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 6 deletions.
22 changes: 17 additions & 5 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,13 +1,25 @@
## 0.3.0 (Upcoming)

* multistep/commonsteps: Update settings for the default go-getter client to prevent arbitrary host access via go-getter's path traversal, symlink processing, and command injection flaws.
* multistep/commonsteps: Disable support for the `X-Terraform-Get` header to mitigate against protocol switching, endless redirect, and configuration bypass abuse of custom HTTP response header processing.
* multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter, S3Getter, and GcsGetter getters to mitigate against resource exhaustion when calling out to external command line applications.
* sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of security vulnerabilities as defined in [HCSEC-2022-13](https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930)
* multistep/commonsteps: Add default timeouts to the GitGetter, HgGetter,
S3Getter, and GcsGetter getters to mitigate against resource exhaustion
when calling out to external command line applications.
* multistep/commonsteps: Disable support for the `X-Terraform-Get` header to
mitigate against protocol switching, endless redirect, and configuration
bypass abuse of custom HTTP response header processing.
* multistep/commonsteps: Update settings for the default go-getter client to
prevent arbitrary host access via go-getter's path traversal, symlink
processing, and command injection flaws.
* sdk: Bump github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-
getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2 to address a number of
security vulnerabilities as defined in
[HCSEC-2022-13](https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-
vulnerabilities-in-go-getter-library/39930)

## 0.2.13 (May 11, 2022)

* cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when running code generation commands with Go 1.18 [GH-108](https://github.com/hashicorp/packer-plugin-sdk/pull/108)
* cmd/packer-sdc: Update golang.org/x/tools to fix internal package errors when
running code generation commands with Go 1.18
[GH-108](https://github.com/hashicorp/packer-plugin-sdk/pull/108)

## 0.2.12 (May 03, 2022)

Expand Down
2 changes: 1 addition & 1 deletion version/version.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import (
var GitCommit string

// Package version helps plugin creators set and track the sdk version using
var Version = "0.2.13"
var Version = "0.3.0"

// A pre-release marker for the version. If this is "" (empty string)
// then it means that it is a final release. Otherwise, this is a pre-release
Expand Down

0 comments on commit 9d151c7

Please sign in to comment.