From dfc5542faceb55eef05734202cfd3e05fa71b3b0 Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Wed, 6 Dec 2023 15:14:22 -0600 Subject: [PATCH] Backport of [NET-6650] Bump go version to 1.20.12 into release/1.17.x (#19846) backport of commit af6045cdf1bfe8589d4ff5f03ffd327a39b62ced Co-authored-by: Ronald Ekambi --- .changelog/19840.txt | 7 +++++++ .github/workflows/build.yml | 22 +++++++++++----------- build-support/docker/Build-Go.dockerfile | 2 +- 3 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 .changelog/19840.txt diff --git a/.changelog/19840.txt b/.changelog/19840.txt new file mode 100644 index 000000000000..f63948096e60 --- /dev/null +++ b/.changelog/19840.txt @@ -0,0 +1,7 @@ +```release-note:security +Upgrade to use Go 1.20.12. This resolves CVEs +[CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283): (`path/filepath`) recognize \??\ as a Root Local Device path prefix (Windows) +[CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): recognize device names with trailing spaces and superscripts (Windows) +[CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326): (`net/http`) limit chunked data overhead +[CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): (`cmd/go`) go get may unexpectedly fallback to insecure git +``` \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cc2e2437a050..3ef62eba0ef7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -86,15 +86,15 @@ jobs: strategy: matrix: include: - - {go: "1.20.10", goos: "linux", goarch: "386"} - - {go: "1.20.10", goos: "linux", goarch: "amd64"} - - {go: "1.20.10", goos: "linux", goarch: "arm"} - - {go: "1.20.10", goos: "linux", goarch: "arm64"} - - {go: "1.20.10", goos: "freebsd", goarch: "386"} - - {go: "1.20.10", goos: "freebsd", goarch: "amd64"} - - {go: "1.20.10", goos: "windows", goarch: "386"} - - {go: "1.20.10", goos: "windows", goarch: "amd64"} - - {go: "1.20.10", goos: "solaris", goarch: "amd64"} + - {go: "1.20.12", goos: "linux", goarch: "386"} + - {go: "1.20.12", goos: "linux", goarch: "amd64"} + - {go: "1.20.12", goos: "linux", goarch: "arm"} + - {go: "1.20.12", goos: "linux", goarch: "arm64"} + - {go: "1.20.12", goos: "freebsd", goarch: "386"} + - {go: "1.20.12", goos: "freebsd", goarch: "amd64"} + - {go: "1.20.12", goos: "windows", goarch: "386"} + - {go: "1.20.12", goos: "windows", goarch: "amd64"} + - {go: "1.20.12", goos: "solaris", goarch: "amd64"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -183,7 +183,7 @@ jobs: strategy: matrix: include: - - {go: "1.20.10", goos: "linux", goarch: "s390x"} + - {go: "1.20.12", goos: "linux", goarch: "s390x"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -234,7 +234,7 @@ jobs: matrix: goos: [ darwin ] goarch: [ "amd64", "arm64" ] - go: [ "1.20.10" ] + go: [ "1.20.12" ] fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 884bc4894af3..05147307615b 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 -ARG GOLANG_VERSION=1.20.10 +ARG GOLANG_VERSION=1.20.12 FROM golang:${GOLANG_VERSION} WORKDIR /consul