Skip to content
Browse files

Bump Golang 1.11.3 (CVE-2018-16875)

go1.11.13 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.11.3 milestone on the issue tracker for details:

Signed-off-by: Sebastiaan van Stijn <>
Upstream-commit: 6b7c093b0de21d574ce120aee891e60187749174
Component: engine
  • Loading branch information...
thaJeztah committed Dec 13, 2018
1 parent ab519e9 commit 8698a97b77a8dedcfff48daefa3ebdfcc01b3a28
@@ -24,7 +24,7 @@
# the case. Therefore, you don't have to disable it anymore.

FROM golang:1.11.2 AS base
FROM golang:1.11.3 AS base
# allow replacing httpredir or deb mirror
RUN sed -ri "s/(httpredir|deb)$APT_MIRROR/g" /etc/apt/sources.list
@@ -1,5 +1,5 @@
## Step 1: Build tests
FROM golang:1.11.2-alpine3.7 as builder
FROM golang:1.11.3-alpine3.7 as builder

RUN apk --no-cache add \
bash \
@@ -5,7 +5,7 @@

# This represents the bare minimum required to build and test Docker.

FROM golang:1.11.2-stretch
FROM golang:1.11.3-stretch

# allow replacing httpredir or deb mirror
@@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref
# Environment variable notes:
# - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
# - FROM_DOCKERFILE is used for detection of building within a container.
GIT_VERSION=2.11.1 `
GOPATH=C:\go `

0 comments on commit 8698a97

Please sign in to comment.
You can’t perform that action at this time.