Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go get -u golang.org/x/net #31908

Merged
merged 1 commit into from Oct 18, 2022
Merged

go get -u golang.org/x/net #31908

merged 1 commit into from Oct 18, 2022

Conversation

finnigja
Copy link
Contributor

This updates to a newer golang.org/x/net version, addressing CVE-2022-27664 (https://groups.google.com/g/golang-announce/c/x49AQzIVX-s, https://go.dev/issue/54658). This vulnerability is unlikely exposed in Terraform itself (is associated with HTTP/2 server functionality) but will cause vulnerability scan noise.

Target Release

1.4.x, 1.3.x

Draft CHANGELOG entry

BUG FIXES

  • Updated to newer golang.org/x/net version, which addressed CVE-2022-27664.

@finnigja finnigja added the 1.3-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Sep 30, 2022
@tspearconquest
Copy link

I came here to submit one for this. Good work.

@apparentlymart apparentlymart requested a review from a team October 5, 2022 17:19
@ChaosCypher ChaosCypher mentioned this pull request Oct 11, 2022
Merged
jbardin
jbardin approved these changes Oct 18, 2022
View reviewed changes
Copy link
Member

@jbardin jbardin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double checked the diff between commits and didn't see anything surprising.

@jbardin jbardin merged commit 713421c into main Oct 18, 2022
@jbardin jbardin deleted the bump_net branch October 18, 2022 13:45
@teamterraform teamterraform mentioned this pull request Oct 18, 2022
Merged
@github-actions
Copy link

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jbardin jbardin jbardin approved these changes

@kmoe kmoe Awaiting requested review from kmoe

Assignees
No one assigned
Labels
1.3-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@finnigja @tspearconquest @jbardin