Address CVE-2024-24790 #18127

Closed
8 tasks done
ArkaSaha30 opened this issue Jun 5, 2024 · 6 comments
Labels: area/security, good first issue, help wanted, priority/critical-urgent (Highest priority. Must be actively worked on as someone's top priority right now.), type/feature

Comments

@ArkaSaha30
Contributor

ArkaSaha30 commented Jun 5, 2024

What would you like to be added?

CVE-2024-24790 / GO-2024-2887 was recently published. We need to bump affected Go versions:

Go version bump

Why is this needed?

To keep the Go version up to date and avoid CVEs. The mentioned bumped Go versions include security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the runtime, and the os package.

Ref: golang/go#67680

@ArkaSaha30
Contributor Author

cc @ahrtr @jmhbnz

@jmhbnz added the area/security, priority/critical-urgent, help wanted, and good first issue labels Jun 5, 2024
@henrybear327
Contributor

/assign @ArkaSaha30

@ArkaSaha30
Contributor Author

Go Vulnerability Checker started detecting: https://github.com/etcd-io/etcd/actions/runs/9379426032/job/25824345786#step:6:15

@henrybear327
Contributor

@ArkaSaha30 maybe add an entry to update the changelog :) So we won't forget!

@ahrtr
Member

ahrtr commented Jun 5, 2024

Please also update go version for https://github.com/etcd-io/gofail

@ahrtr
Member

ahrtr commented Jun 6, 2024

All done. Thanks @ArkaSaha30

@ahrtr closed this as completed Jun 6, 2024