Skip to content

v1.7.0-rc2

Pre-release
Pre-release
Compare
Choose a tag to compare
@docmerlin docmerlin released this 22 Jul 19:29
· 58 commits to master since this release
v1.7.0-rc2
12bf41f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode. 
fix(security): update go to 1.18.4 (#2706)

This fixes the following CVEs in go
CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (medium)
CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (negligible)
CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (medium)
CVE-2022-30630: io/fs: stack exhaustion in Glob (medium)
CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (medium)
CVE-2022-30632: path/filepath: stack exhaustion in Glob (medium)
CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (medium)
CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (medium)
CVE-2022-32148: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map (low)
Assets 2