Bump Golang 1.11.4 (includes fix for CVE-2018-16875)
go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker, runtime, documentation, go command, and the net/http and go/types packages. It includes a fix to a bug introduced in Go 1.11.3 that broke go get for import path patterns containing "...". See the Go 1.11.4 milestone for details: https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+label%3ACherryPickApproved go1.11.3 (released 2018/12/14) - crypto/x509: CPU denial of service in chain validation golang/go#29233 - cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231 - cmd/go: remote command execution during "go get -u" golang/go#29230 See the Go 1.11.3 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.11.3 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
@ -1,4 +1,4 @@
|
||||
FROM golang:1.11.2-alpine
|
||||
FROM golang:1.11.4-alpine
|
||||
|
||||
RUN apk add -U git make bash coreutils ca-certificates curl
|
||||
|
||||
|
||||
Reference in New Issue
Block a user