New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2023-45288] net/http, x/net/http2: close connections when receiving too many headers #124173
Comments
This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/sig architecture cc @kubernetes/release-managers |
more details in the announce email from golang folks - https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ |
perhaps relevant (still checking myself): golang/go#66668 |
/cc @kubernetes/release-team-release-signal |
Updated issue description with a TODO list so that we can keep track |
All PRs in description are merged. Can we close this? |
/close |
@dims: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fixed in golang 1.22.2 released today along with other things.
https://github.com/golang/go/issues?q=milestone%3AGo1.22.2+label%3ACherryPickApproved
we also need to update x/net as well as we use that directly too:
golang/net@ba87210
xref: golang/go#65051
TODO of what we need to do in order to fully close this out:
golang.org/x/net
to v0.23.0 on all supported branchesgo1.22.2
orgo1.21.9
: Dependency update - Golang 1.22.2/1.21.9 release#3529go1.22.2
: [go] Bump images, dependencies and versions to go 1.22.2 and distroless iptables #124196go1.21.9
The text was updated successfully, but these errors were encountered: