Skip to content

Commit

Permalink
Bump go version to 1.11.13
Browse files Browse the repository at this point in the history 
**What**
- Using the base golang:1.11 docker image so that we can easily track
security patches for go 1.11. In particular this includes go 1.11.13,
which address

 https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg

> net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
>
> net/http and golang.org/x/net/http2 servers that accept direct connections
> from untrusted clients could be remotely made to allocate an unlimited amount
> of memory, until the program crashes. Servers will now close connections if
> the send queue accumulates too many control messages.
>
> net/url: parsing validation issue
>
> url.Parse would accept URLs with malformed hosts, such that the Host field
> could have arbitrary suffixes that would appear in neither Hostname() nor
> Port(), allowing authorization bypasses in certain applications. Note that URLs
> with invalid, not numeric ports will now return an error from url.Parse.

Signed-off-by: Lucas Roesler <roesler.lucas@gmail.com>
  • Loading branch information
@LucasRoesler @alexellis
LucasRoesler authored and alexellis committed Aug 22, 2019
1 parent 28449bb commit 0f3cbbc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.10
FROM golang:1.11

RUN mkdir -p /go/src/github.com/openfaas-incubator/of-watchdog
WORKDIR /go/src/github.com/openfaas-incubator/of-watchdog
Expand Down

0 comments on commit 0f3cbbc

Please sign in to comment.