Skip to content

Security update: Migrate to go-git/go-git v5 #496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ack-prow merged 1 commit into from
Jan 29, 2024
Merged

Security update: Migrate to go-git/go-git v5 #496

ack-prow merged 1 commit into from
Jan 29, 2024

Conversation

@a-hilaly
Copy link
Member

@a-hilaly a-hilaly commented Jan 29, 2024

Due to some security issues related to go-git prior to 5.11, we are
required to bump our go-git dependency.

The security issues, in general, allowed malicious crafter Git server to
cause DOS and/or remove code execution on gogit client.

Signed-off-by: Amine Hilaly [email protected]

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@a-hilaly
Security update: Migrate to go-git/go-git v5
0de51f0 
Due to some security issues related to go-git prior to 5.11, we are
required to bump our go-git dependency.

The security issues, in general, allowed malicious crafter Git server to
cause DOS and/or remove code execution on gogit client.

Signed-off-by: Amine Hilaly <[email protected]>
@a-hilaly a-hilaly added the area/security Issues or PRs related to security topics label Jan 29, 2024
@ack-prow ack-prow bot requested review from jlbutler and jljaco January 29, 2024 04:24
@ack-prow ack-prow bot added the approved label Jan 29, 2024
@ack-bot
Copy link
Collaborator

ack-bot commented Jan 29, 2024

/lgtm

@ack-prow ack-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jan 29, 2024
@ack-prow
Copy link

ack-prow bot commented Jan 29, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a-hilaly, ack-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ack-prow ack-prow bot merged commit 289f222 into aws-controllers-k8s:main Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jlbutler jlbutler Awaiting requested review from jlbutler

@jljaco jljaco Awaiting requested review from jljaco

Assignees

@ack-bot ack-bot

Labels

approved area/security Issues or PRs related to security topics lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@a-hilaly @ack-bot