Skip to content

v11.3.21

  • v11.3.21
  • 4aeefbc

  • Partially verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.

  • Choose a tag to compare

    View all tags
v11.3.21: Release 11.3.21 (#30827)
  • v11.3.21
  • 4aeefbc

  • Choose a tag to compare

    View all tags

  • Partially verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed.
@camscale camscale tagged this 23 Aug 02:08 
* Release 11.3.21

* Add security fix changelog

* Update changelog with helm annotations PR as late addition

* Fix typo in changelog entry (spelling)

* Json Unmarshal Panic fix

From recent fuzzing work a new panic was discovered where a pointer is allocated then a pointer to the pointer is passed into json.Unmarshal.  It is then possible for this original pointer to remain a `nil` reference.

This pattern looks unexpected, so all cases of double pointers being passed into json.Unmarshal were changed to the more standard empty struct pointer style to avoid potential nil reference panics.

---------

Co-authored-by: Mike Jensen <mike.jensen@goteleport.com>
Assets 2
Loading