Backport of Upgrade to go 1.21.8 into release/1.3.x by hc-github-team-consul-core · Pull Request #3752 · hashicorp/consul-k8s

hc-github-team-consul-core · 2024-03-14T22:46:39Z

Backport

This PR is auto-generated from #3741 to be assessed for backporting due to the inclusion of the label backport/1.3.x.

The below text is copied from the body of the original PR.

Upgrade to use Go 1.21.8. This resolves CVEs
CVE-2024-24783 (crypto/x509). CVE-2023-45290 (net/http). CVE-2023-45289 (net/http, net/http/cookiejar). CVE-2024-24785 (html/template). CVE-2024-24784 (net/mail).

Update the Consul Build Go base image to alpine3.19. This resolves CVEs CVE-2023-52425 CVE-2023-52426⁠

Overview of commits

Chris S. Kim added 2 commits March 14, 2024 14:18

backport of commit a860f16

234e2ff

backport of commit 8174632

3d9fd80

hc-github-team-consul-core force-pushed the backport/goversion/safely-improved-elk branch from 9ea52f4 to 3d9fd80 Compare March 14, 2024 22:46

hc-github-team-consul-core assigned kisunji Mar 14, 2024

hc-github-team-consul-core enabled auto-merge (squash) March 14, 2024 22:46

hc-github-team-consul-core requested a review from kisunji March 14, 2024 22:46

kisunji approved these changes Mar 18, 2024

View reviewed changes

hc-github-team-consul-core merged commit e486fd6 into release/1.3.x Mar 18, 2024

hc-github-team-consul-core deleted the backport/goversion/safely-improved-elk branch March 18, 2024 15:13