Skip to content
Permalink
Browse files

Bump Golang 1.10.6 (CVE-2018-16875)

go1.10.6 (released 2018/12/14)

- crypto/x509: CPU denial of service in chain validation golang/go#29233
- cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231
- cmd/go: remote command execution during "go get -u" golang/go#29230

See the Go 1.10.6 milestone on the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.10.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information...
thaJeztah committed Dec 13, 2018
1 parent d21754a commit 8afe9f422dc0183ce48e1db09189ccbde634080a
Showing with 5 additions and 5 deletions.
  1. +2 −2 Dockerfile
  2. +1 −1 Dockerfile.e2e
  3. +1 −1 Dockerfile.simple
  4. +1 −1 Dockerfile.windows
@@ -24,10 +24,10 @@
# the case. Therefore, you don't have to disable it anymore.
#

FROM golang:1.10.5 AS base
FROM golang:1.10.6 AS base
# FIXME(vdemeester) this is kept for other script depending on it to not fail right away
# Remove this once the other scripts uses something else to detect the version
ENV GO_VERSION 1.10.5
ENV GO_VERSION 1.10.6
# allow replacing httpredir or deb mirror
ARG APT_MIRROR=deb.debian.org
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
@@ -1,5 +1,5 @@
## Step 1: Build tests
FROM golang:1.10.5-alpine3.7 as builder
FROM golang:1.10.6-alpine3.7 as builder

RUN apk add --update \
bash \
@@ -42,7 +42,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
# with a heads-up.
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
ENV GO_VERSION 1.10.5
ENV GO_VERSION 1.10.6
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
@@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref
# Environment variable notes:
# - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
# - FROM_DOCKERFILE is used for detection of building within a container.
ENV GO_VERSION=1.10.5 `
ENV GO_VERSION=1.10.6 `
GIT_VERSION=2.11.1 `
GOPATH=C:\go `
FROM_DOCKERFILE=1

0 comments on commit 8afe9f4

Please sign in to comment.
You can’t perform that action at this time.