Bump go to 1.21.12 / 1.22.5 #18269

Closed
7 tasks done
ivanvc opened this issue Jul 3, 2024 · 9 comments

@ivanvc
Member

ivanvc commented Jul 3, 2024

What would you like to be added?

Go 1.21.12 and 1.22.5 include a fix for the GO-2024-2963 vulnerability in net/http. This update should be included in the next 3.5 release.

Completion tracking below:

Refer to previous issues and their pull requests as a reference, i.e., #17964

Why is this needed?

To improve the project security and address the CVE.

@ivanvc
Member Author

ivanvc commented Jul 3, 2024

I'm unsure if we should open this as a good first issue or if we prefer someone with bandwidth to do it soon so we don't hold up #18247.

@thedtripp
Member

thedtripp commented Jul 3, 2024

I'd like to help with this. It looks like it may take multiple PRs, so let me know where I can assist.

@ivanvc
Member Author

ivanvc commented Jul 3, 2024

/assign @thedtripp

Thank you. You can start with this repository (main, release-3.5, and release-3.4). I'd hold bbolt and raft until we have @ahrtr's input.

@ivanvc
Member Author

ivanvc commented Jul 3, 2024

@thedtripp, we still don't have documentation for this. I was trying to find the issue where I commented on updating the Go version with our latest scripts. However, you now just need to update the .go-version file and then run make fix (which runs ./scripts/sync_go_toolchain_directive.sh).

It is backported to 3.4 and 3.5, so it should be the same process for all the branches.

@thedtripp
Member

@ivanvc Ok. I'll give that a go on the main branch first. Thanks

@ahrtr
Member

ahrtr commented Jul 3, 2024

  • etcd-io/bbolt release-1.3: v1.21.12 (do we want to update 1.3?)
  • etcd-io/raft main: go v1.22.5 (do we want to update raft?)

I think so.

@ivanvc
Member Author

ivanvc commented Jul 3, 2024

@thedtripp, could you open a PR to update 3.4/3.5 CHANGELOGs? Would you also want to help with bbolt and raft? Or should we open it up for another contributor?
Thank you.

@thedtripp
Member

> @thedtripp, could you open a PR to update 3.4/3.5 CHANGELOGs? Would you also want to help with bbolt and raft? Or should we open it up for another contributor?
>
> Thank you.

Yes, I'd like to help with those. I'll look into it later today.

@ivanvc
Member Author

ivanvc commented Jul 4, 2024

Thanks, @thedtripp. Closing this as there are no outstanding tasks.
