Skip to content
This repository was archived by the owner on Dec 20, 2024. It is now read-only.

update golang 1.12.6 to 1.12.10 #989

Closed
yeya24 opened this issue Oct 9, 2019 · 6 comments · Fixed by #1005 or #1009
Closed

update golang 1.12.6 to 1.12.10 #989

yeya24 opened this issue Oct 9, 2019 · 6 comments · Fixed by #1005 or #1009

Comments

@yeya24
Copy link
Collaborator

yeya24 commented Oct 9, 2019
edited
Loading

Ⅰ. Issue Description

There is a CVE for Go and this vulnerability is fixed in 1.12.10. We should update it.
See: https://nvd.nist.gov/vuln/detail/CVE-2019-16276

Some work need to do for updating go

  • update ci
@allencloud
Copy link
Contributor

Do we have a link of this CVE's impact? @yeya24

The following description seems to be not clear.

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

@yeya24
Copy link
Collaborator Author

yeya24 commented Oct 10, 2019
edited
Loading

See issue golang/go#34540
Seems this is fixed in 1.12.10. I suggest we should update to 1.12.10 first

@yeya24 yeya24 changed the title update golang 1.12.6 to 1.13.1 update golang 1.12.6 to 1.12.10 Oct 10, 2019
@weekly-digest weekly-digest bot mentioned this issue Oct 13, 2019
Closed
@allencloud
Copy link
Contributor 

Seems this is fixed in 1.12.10. I suggest we should update to 1.12.10 first

That is great. We can update the golang runtime version to 1.12.10. Could you help to submit a PR? @yeya24

fengzixu referenced this issue in fengzixu/Dragonfly Oct 16, 2019
@fengzixu
feature: upgrade golang version to 1.12.10
ab9af94 
Related to: dragonflyoss/dragonfly#989

Signed-off-by: fengzixu <[email protected]>
@fengzixu fengzixu mentioned this issue Oct 16, 2019
Merged
fengzixu referenced this issue in fengzixu/Dragonfly Oct 16, 2019
@fengzixu
feature: upgrade golang version to 1.12.10
3bf86b8 
Related to: dragonflyoss/dragonfly#989

Signed-off-by: fengzixu <[email protected]>
@allencloud
Copy link
Contributor

fixed by dragonflyoss/dragonfly#1005

@yeya24
Copy link
Collaborator Author

yeya24 commented Oct 16, 2019

I believe that we also need to update pouch linter as well. @allencloud see dragonflyoss/linter#20

@yeya24 yeya24 reopened this Oct 16, 2019
@allencloud
Copy link
Contributor 

I believe that we also need to update pouch linter as well. @allencloud see pouchcontainer/pouchlinter#20

I have release a new version 0.2.4 of pouchlinter, see https://github.com/pouchcontainer/pouchlinter/blob/v0.2.4/Dockerfile#L23.
And I also have pushed image pouchcontainer/pouchlinter:v0.2.4 to dockerhub.

Please check. If it is OK, I think we could close this, right>
If not, please feel free to contact me. Thanks. @yeya24

@yeya24 yeya24 mentioned this issue Oct 17, 2019
Merged
starnop referenced this issue in starnop/Dragonfly Nov 27, 2019
@fengzixu
feature: upgrade golang version to 1.12.10
6ccf4f9 
Related to: dragonflyoss/dragonfly#989

Signed-off-by: fengzixu <[email protected]>
inoc603 referenced this issue in inoc603/Dragonfly Dec 23, 2019
@fengzixu
feature: upgrade golang version to 1.12.10
c98b1da 
Related to: dragonflyoss/dragonfly#989

Signed-off-by: fengzixu <[email protected]>
sungjunyoung pushed a commit to sungjunyoung/Dragonfly that referenced this issue May 8, 2022
@gaius-qi
feat: add scheduler host gc (dragonflyoss#989)
82e2294 
Signed-off-by: Gaius <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@allencloud @yeya24