Update to golang 1.11.3 #9560
Merged
Update to golang 1.11.3 #9560
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. https://golang.org/doc/devel/release.html#go1.11.minor
andrewkroh
approved these changes
Dec 17, 2018
ruflin
approved these changes
Dec 17, 2018
ruflin
reviewed
Dec 18, 2018
| @@ -16,6 +16,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha1...master[Check the HEAD d | |||
| - Update add_cloud_metadata fields to adjust to ECS. {pull}9265[9265] | |||
| - Automaticall cap signed integers to 63bits. {pull}8991[8991] | |||
| - Rename beat.timezone to event.timezone. {pull}9458[9458] | |||
| - Update to Golang 1.11.3. {pull}9560[9560] | |||
There was a problem hiding this comment.
@ph Why is this under breaking changes?
There was a problem hiding this comment.
I think its a good catch, I will move it with the 1.11.4 update.
DStape
pushed a commit
to DStape/beats
that referenced
this pull request
Aug 20, 2019
* Update to golang 1.11.3 cmd/go: remote command execution during "go get -u" The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details. Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue. cmd/go: directory traversal in "go get" via curly braces in import paths The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details. Thanks to ztz of Tencent Security Platform for discovering and reporting this issue. crypto/x509: CPU denial of service in chain validation The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details. Thanks to Netflix for discovering and reporting this issue. https://golang.org/doc/devel/release.html#go1.11.minor * Changelog
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix a few security issues:
https://golang.org/doc/devel/release.html#go1.11.minor