Skip to content

Commit

Permalink
update to go1.21.10
Browse files Browse the repository at this point in the history
These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to
usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to
our attention.
This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved
- full diff: golang/go@go1.21.9...go1.21.10

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.10
```

Signed-off-by: Paweł Gronowski <[email protected]>
(cherry picked from commit eb99994)
Signed-off-by: Austin Vazquez <[email protected]>
  • Loading branch information
vvoland authored and austinvazquez committed Jul 23, 2024
1 parent 6d3fca6 commit 3194389
Show file tree
Hide file tree
Showing 7 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.21.9
go-version: 1.21.10
-
name: Test
run: |
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1

ARG BASE_VARIANT=alpine
ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.10
ARG ALPINE_VERSION=3.18
ARG XX_VERSION=1.1.1
ARG GOVERSIONINFO_VERSION=v1.3.0
Expand Down
2 changes: 1 addition & 1 deletion docker-bake.hcl
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
variable "GO_VERSION" {
default = "1.21.9"
default = "1.21.10"
}
variable "VERSION" {
default = ""
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/Dockerfile.dev
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1

ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.10
ARG ALPINE_VERSION=3.18

ARG BUILDX_VERSION=0.11.2
Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/Dockerfile.lint
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1

ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.10
ARG ALPINE_VERSION=3.18
ARG GOLANGCI_LINT_VERSION=v1.52.2

Expand Down
2 changes: 1 addition & 1 deletion dockerfiles/Dockerfile.vendor
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1

ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.10
ARG ALPINE_VERSION=3.18
ARG MODOUTDATED_VERSION=v0.8.0

Expand Down
2 changes: 1 addition & 1 deletion e2e/testdata/Dockerfile.gencerts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1

ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.10

FROM golang:${GO_VERSION}-alpine AS generated
RUN go install github.com/dmcgowan/quicktls@master
Expand Down

0 comments on commit 3194389

Please sign in to comment.