build: use latest golang v1.16.7 (Go CVE-2021-34558)

Rook CephObjectStore S3 connections may be affected by CVE-2021-34558. This is fixed in Go v1.16.6, so we update to the latest Go version available to ensure this is fixed in future builds. Signed-off-by: Blaine Gardner <blaine.gardner@redhat.com>
rook · Aug 16, 2021 · 1592c9b · 1592c9b
1 parent e2ea7e4
commit 1592c9b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/images/cross/Dockerfile b/images/cross/Dockerfile
@@ -37,8 +37,8 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # install golang from the official repo
-RUN GO_VERSION=1.16.3 && \
-    GO_HASH=951a3c7c6ce4e56ad883f97d9db74d3d6d80d5fec77455c6ada6c1f7ac4776d2 && \
+RUN GO_VERSION=1.16.7 && \
+    GO_HASH=7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04 && \
     curl -fsSL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o golang.tar.gz && \
     echo "${GO_HASH}  golang.tar.gz" | sha256sum -c - && \
     tar -C /usr/local -xzf golang.tar.gz && \