Backport of [NET-8946 NET-8947 NET-8948] security: bump go, x/net and envoy versions into release/1.2.x#476
Conversation
hc-github-team-consul-core
force-pushed
the
backport/security/net-8946-8947-8948/ghastly-topical-stallion
branch
from
6658a83 to
d0794c5
Compare
github-team-consul-core-pr-approver
left a comment
github-team-consul-core-pr-approver
left a comment
There was a problem hiding this comment.
Auto approved Consul Bot automated PR
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes 1 out of 2 committers have signed the CLA.
temp seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it. |
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes temp seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it. |
zalimeni
deleted the
backport/security/net-8946-8947-8948/ghastly-topical-stallion
branch
4 participants
Backport
This PR is auto-generated from #474 to be assessed for backporting due to the inclusion of the label backport/1.2.
🚨
The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Description
Upgrade to use Go 1.21.9. This resolves CVEs
CVE-2023-45288 (http2).
Upgrade to support Envoy 1.28.2. This resolves CVEs
CVE-2024-27919 (http2).
Upgrade to use golang.org/x/net v0.24.0. This resolves CVEs
CVE-2023-45288 (x/net).
Checklist
Tests added
CHANGELOG entry added
Overview of commits