go1.21.8 (released 2024-03-05) includes 5 security fixes
- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)
View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.1
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.7...go1.21.8
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
| ... | ... |
@@ -161,7 +161,7 @@ FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG}
|
| 161 | 161 |
# Use PowerShell as the default shell |
| 162 | 162 |
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] |
| 163 | 163 |
|
| 164 |
-ARG GO_VERSION=1.21.7 |
|
| 164 |
+ARG GO_VERSION=1.21.8 |
|
| 165 | 165 |
ARG GOTESTSUM_VERSION=v1.8.2 |
| 166 | 166 |
ARG GOWINRES_VERSION=v0.3.1 |
| 167 | 167 |
ARG CONTAINERD_VERSION=v1.7.13 |