0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[20.10] update go to go1.19.11

Browse source 
go1.19.11 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to cgo, the cover tool, the go command, the runtime, and
the go/printer package. See the Go 1.19.11 milestone on our issue tracker for
details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.11+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.10...go1.19.11

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-07-17 16:21:03 +02:00
parent 0d4b9ed98b
commit 43fe787c23
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
4 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -3,7 +3,7 @@
ARG CROSS="false"
ARG SYSTEMD="false"
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
ARG GO_VERSION=1.19.10
ARG GO_VERSION=1.19.11
ARG DEBIAN_FRONTEND=noninteractive
ARG VPNKIT_VERSION=0.5.0
ARG DOCKER_BUILDTAGS="apparmor seccomp"

2
Dockerfile.e2e
View file

@ -1,4 +1,4 @@
ARG GO_VERSION=1.19.10
ARG GO_VERSION=1.19.11
FROM golang:${GO_VERSION}-alpine AS base
ENV GO111MODULE=off

2
Dockerfile.simple
View file

@ -5,7 +5,7 @@
# This represents the bare minimum required to build and test Docker.
ARG GO_VERSION=1.19.10
ARG GO_VERSION=1.19.11
FROM golang:${GO_VERSION}-buster
ENV GO111MODULE=off

2
Dockerfile.windows
View file

@ -165,7 +165,7 @@ FROM microsoft/windowsservercore
# Use PowerShell as the default shell
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
ARG GO_VERSION=1.19.10
ARG GO_VERSION=1.19.11
ARG GOTESTSUM_VERSION=v1.8.2
# Environment variable notes: