Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Golang 1.11.4 (includes fix for CVE-2018-16875) #1585

Merged
merged 1 commit into from Jan 8, 2019

Conversation

Projects
None yet
5 participants
@thaJeztah
Copy link
Member

commented Dec 19, 2018

go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
runtime, documentation, go command, and the net/http and go/types packages. It
includes a fix to a bug introduced in Go 1.11.3 that broke go get for import
path patterns containing "...".

See the Go 1.11.4 milestone for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+label%3ACherryPickApproved

go1.11.3 (released 2018/12/14)

  • crypto/x509: CPU denial of service in chain validation golang/go#29233
  • cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
  • cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

Bump Golang 1.11.4 (includes fix for CVE-2018-16875)
go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
runtime, documentation, go command, and the net/http and go/types packages. It
includes a fix to a bug introduced in Go 1.11.3 that broke go get for import
path patterns containing "...".

See the Go 1.11.4 milestone for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+label%3ACherryPickApproved

go1.11.3 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@codecov-io

This comment has been minimized.

Copy link

commented Dec 19, 2018

Codecov Report

Merging #1585 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1585   +/-   ##
=======================================
  Coverage   55.26%   55.26%           
=======================================
  Files         289      289           
  Lines       19385    19385           
=======================================
  Hits        10713    10713           
  Misses       7977     7977           
  Partials      695      695
1 similar comment
@codecov-io

This comment has been minimized.

Copy link

commented Dec 19, 2018

Codecov Report

Merging #1585 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1585   +/-   ##
=======================================
  Coverage   55.26%   55.26%           
=======================================
  Files         289      289           
  Lines       19385    19385           
=======================================
  Hits        10713    10713           
  Misses       7977     7977           
  Partials      695      695
@vdemeester
Copy link
Member

left a comment

LGTM 🐯

@thaJeztah thaJeztah requested review from dnephin and silvin-lubecki Jan 7, 2019

@dnephin

dnephin approved these changes Jan 8, 2019

@thaJeztah thaJeztah merged commit 0d4a858 into docker:master Jan 8, 2019

9 checks passed

ci/circleci: cross Your tests passed on CircleCI!
Details
ci/circleci: lint Your tests passed on CircleCI!
Details
ci/circleci: shellcheck Your tests passed on CircleCI!
Details
ci/circleci: test Your tests passed on CircleCI!
Details
ci/circleci: validate Your tests passed on CircleCI!
Details
codecov/patch Coverage not affected when comparing 283d8f9...deaf6e1
Details
codecov/project 55.26% remains the same compared to 283d8f9
Details
continuous-integration/jenkins/pr-head This commit looks good
Details
dco-signed All commits are signed

@GordonTheTurtle GordonTheTurtle added this to the 19.03.0 milestone Jan 8, 2019

@thaJeztah thaJeztah deleted the thaJeztah:bump_golang_1.11.4 branch Jan 8, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.