update to go-1.21.8 #996

vvoland · 2024-03-05T21:32:51Z

go1.21.8 (released 2024-03-05) includes 5 security fixes:

crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

go1.21.8 (released 2024-03-05) includes 5 security fixes: - crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390) - net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383) - net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065) - html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697) - net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083) View the release notes for more information: https://go.dev/doc/devel/release#go1.21.8 - https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved - full diff: golang/go@go1.21.7...go1.21.8 Signed-off-by: Paweł Gronowski <[email protected]>

vvoland self-assigned this Mar 5, 2024

neersighted approved these changes Mar 5, 2024

View reviewed changes

neersighted merged commit 63afa59 into docker:master Mar 5, 2024
6 checks passed

Provide feedback