Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerabilities on crypto, net and sys packages and change go ver… #1774

Merged
merged 2 commits into from
Aug 31, 2022
Merged

Fix vulnerabilities on crypto, net and sys packages and change go ver… #1774

merged 2 commits into from
Aug 31, 2022

Conversation

felipeconti
Copy link
Contributor

@felipeconti felipeconti commented Aug 29, 2022
edited
Loading

…sion on Docker builder stage

Description

This PR fix vulnerabilities and hit go version on Docker file builder stage

Motivation and Context

Fix the vulnerabilities CVE-2022-27191, CVE-2021-44716 and CVE-2022-29526

Trivy:
image

How Has This Been Tested?

make tests

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@felipeconti felipeconti requested a review from a team as a code owner August 29, 2022 14:38
@JoelSpeed
Copy link
Member

Could you please add a changelog entry and I'll get this merged, thanks

@felipeconti
Copy link
Contributor Author

Sure, changelog done!

@JoelSpeed JoelSpeed merged commit ff03c43 into oauth2-proxy:master Aug 31, 2022
@JoelSpeed JoelSpeed mentioned this pull request Aug 31, 2022
Closed
@kforner
Copy link

kforner commented Sep 6, 2022

Any idea when a docker version with those fixes will be available in https://quay.io/repository/oauth2-proxy ?
Just to know, otherwise we will have to compile and dockerize by ourselves.

Thanks.

@JoelSpeed
Copy link
Member

I plan to cut a v7.4.0 release soon

phntom pushed a commit to phntom/oauth2-proxy that referenced this pull request Oct 8, 2022
@felipeconti @phntom
Fix vulnerabilities on crypto, net and sys packages and change go ver… (
7789f96 
oauth2-proxy#1774)

* Fix vulnerabilities on crypto, net and sys packages and change go version on Docker builder stage

* Changelog related PR $1774

Co-authored-by: Felipe Bonvicini Conti <felipe.conti@totvs.com.br>
(cherry picked from commit ff03c43)
@wccropper
Copy link

I plan to cut a v7.4.0 release soon

Hi @JoelSpeed , how soon is soon?

@JoelSpeed
Copy link
Member

#1862 resolves the remaining CVEs I'm aware of, so once that is merged I plan to cut a new release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@felipeconti @JoelSpeed @kforner @wccropper