Skip to content

Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.8+ #5087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
warmchang opened this issue Aug 15, 2019 · 8 comments · Fixed by #5095
Closed

Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.8+ #5087

warmchang opened this issue Aug 15, 2019 · 8 comments · Fixed by #5095
Assignees
@medyagh
Labels
kind/security security issues priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
v1.4.0

Comments

@warmchang
Copy link
Contributor

warmchang commented Aug 15, 2019
edited
Loading

Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.9

xref:
golang/go#33405
golang/go@047a326
https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
https://github.com/golang/go/issues?q=milestone%3AGo1.12.9+label%3ACherryPickApproved
https://groups.google.com/forum/#!topic/golang-announce/oeMaeUnkvVE
@oiooj oiooj mentioned this issue Aug 15, 2019
Closed
@tstromberg tstromberg added kind/security security issues priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Aug 15, 2019
@tstromberg tstromberg added this to the v1.4.0 Candidate milestone Aug 15, 2019
@tstromberg
Copy link
Contributor

@medyagh has some ideas on this.

@medyagh
Copy link
Member

medyagh commented Aug 15, 2019

I am on it

@afbjorklund afbjorklund mentioned this issue Aug 15, 2019
Merged
@afbjorklund
Copy link
Collaborator

Also update build image to k8s.gcr.io/kube-cross:v1.12.8-1

@medyagh medyagh mentioned this issue Aug 15, 2019
Merged
@warmchang warmchang changed the title Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.8 Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.9 Aug 16, 2019
@warmchang
Copy link
Contributor Author

golang/go#33424 (comment)
kubernetes/kubernetes#79912 (comment)
https://github.com/golang/go/milestone/110?closed=1

go1.12.9 please. 😄

@afbjorklund
Copy link
Collaborator

afbjorklund commented Aug 16, 2019
edited
Loading

The title is misleading. Go 1.12.9 is not a security release, but a feature release (same as 1.12.7)
We should probably upgrade anyway, but.

@warmchang
Copy link
Contributor Author

The title is misleading. Go 1.12.9 is not a security release, but a feature release (same as 1.12.7)
We should probably upgrade anyway, but.

Just list the features we care about:
go1.12.9 = go1.12.8 + fds leak bug fixes = go1.12.7 + CVEs fixes + fds leak bug fixes

minikube use go1.12.7 now, that's why bump to go1.12.9 will include all of these.

@afbjorklund
Copy link
Collaborator

Yes, sounds good.

@afbjorklund afbjorklund changed the title Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.9 Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.8+ Aug 18, 2019
@afbjorklund
Copy link
Collaborator

We should upgrade again (to 1.12.9) before the 1.4.0 release, when go1.12.9 is available everywhere.

@warmchang warmchang mentioned this issue Aug 19, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@medyagh medyagh

Labels
kind/security security issues priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging a pull request may close this issue.

Ensure specific golang version everywhere in CI based on Makefile medyagh/minikube
4 participants
@tstromberg @medyagh @afbjorklund @warmchang