update to go1.21.8

go1.21.8 (released 2024-03-05) includes 5 security fixes:

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3b77477943)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>

This commit is contained in:

Paweł Gronowski

2024-03-05 22:04:00 +01:00

committed by

Cory Snider

parent 77a921c5c8

commit 7ff18d219f

7 changed files with 7 additions and 7 deletions

									
										2

.github/workflows/test.yml
									
										vendored
									
												View File
												
				@ -63,7 +63,7 @@ jobs:

				        name: Set up Go

				        uses: actions/setup-go@v3

				        with:

				          go-version: 1.21.7

				          go-version: 1.21.8

				      -

				        name: Test

				        run: |

update to go1.21.8

2 .github/workflows/test.yml vendored Unescape Escape View File

2

.github/workflows/test.yml vendored

View File