Skip to content

update go to go1.20.6#4421

Merged
thaJeztah merged 1 commit intodocker:masterfrom
thaJeztah:update_go_1.20.6
Jul 15, 2023
Merged

update go to go1.20.6#4421
thaJeztah merged 1 commit intodocker:masterfrom
thaJeztah:update_go_1.20.6

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Jul 13, 2023
edited
Loading

go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: golang/go@go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374

- What I did

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah thaJeztah added this to the 25.0.0 milestone Jul 13, 2023
@codecov-commenter
Copy link

codecov-commenter commented Jul 13, 2023
edited
Loading

Codecov Report

Merging #4421 (680fafd) into master (6654ea1) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4421   +/-   ##
=======================================
  Coverage   59.40%   59.40%           
=======================================
  Files         288      288           
  Lines       24778    24778           
=======================================
  Hits        14719    14719           
  Misses       9173     9173           
  Partials      886      886

@thaJeztah
update go to go1.20.6
680fafd 
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: golang/go@go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah marked this pull request as ready for review July 15, 2023 12:42
@thaJeztah
Copy link
Member Author

thaJeztah commented Jul 15, 2023

Rebased and moved out of draft, because #4422 was merged.

@thaJeztah thaJeztah mentioned this pull request Jul 15, 2023
Merged
crazy-max
crazy-max reviewed Jul 15, 2023
View reviewed changes
docker-bake.hcl
@@ -1,5 +1,5 @@
variable "GO_VERSION" {
default = "1.20.5"
default = "1.20.6"
Copy link
Member

@crazy-max crazy-max Jul 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could use null value here to default with the one from Dockerfile: https://docs.docker.com/build/bake/reference/#targetargs

Copy link
Member Author

@thaJeztah thaJeztah Jul 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh dang; missed your comment; is that supported everywhere now? Want to open a PR?

@thaJeztah
Copy link
Member Author

thaJeztah commented Jul 15, 2023

Let me bring this one in

@thaJeztah thaJeztah merged commit d07dc5c into docker:master Jul 15, 2023
@thaJeztah thaJeztah deleted the update_go_1.20.6 branch July 15, 2023 12:55
@thaJeztah thaJeztah mentioned this pull request Jul 15, 2023
Merged
2 tasks
@thaJeztah thaJeztah mentioned this pull request Aug 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crazy-max crazy-max crazy-max left review comments

Assignees

No one assigned

Labels

area/packaging impact/changelog status/2-code-review

Projects

None yet

Milestone

25.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@thaJeztah @codecov-commenter @crazy-max