11 Commits

Author SHA1 Message Date
James Blair
5b3497555f Updated go to 1.19.7.
Mitigates CVE-2023-24532.

Signed-off-by: James Blair <mail@jamesblair.net>
2023-03-08 21:39:31 +13:00
James Blair
ee6781bf6f Bump to go 1.19.6
go 1.19.6 (released 2023-02-14) includes important security and bug fixes.

Signed-off-by: James Blair <mail@jamesblair.net>
2023-02-16 17:12:59 +08:00
yanggang
ebf1e3bb1a Bump go to 1.19.5
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-01-11 14:42:31 +08:00
Benjamin Wang
dccc21bb69 bump go 1.19.4
$ govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Scanning for dependencies with known vulnerabilities...
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.ConfigureServer$1

  Found in: golang.org/x/net/http2@v0.2.0
  Fixed in: golang.org/x/net/http2@v1.19.4
  More info: https://pkg.go.dev/vuln/GO-2022-1144

Vulnerability #2: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
      contrib/lock/storage/storage.go:106:28: go.etcd.io/etcd/v3/contrib/lock/storage.main calls net/http.ListenAndServe
      contrib/raftexample/httpapi.go:113:31: go.etcd.io/etcd/v3/contrib/raftexample.serveHTTPKVAPI$1 calls net/http.Server.ListenAndServe
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Serve
      tools/etcd-dump-metrics/main.go:159:31: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main$4 calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls net/http.Server.Serve

  Found in: net/http@go1.19.3
  Fixed in: net/http@go1.19.4
  More info: https://pkg.go.dev/vuln/GO-2022-1144

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-09 07:39:57 +08:00
Benjamin Wang
94e0c2410b bump go version to 1.19.3 to address security fixes
FYI. https://groups.google.com/g/golang-announce/c/dRtDK7WS78g

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-02 09:07:22 +08:00
vivekpatani
680310a6c9 *: bump to go1.19.2 from 1.19.1
- update .github workflows
- update tests

Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
2022-10-27 18:45:02 -07:00
Marek Siarkowicz
510f26e34c Remove mention of ETCDCTL_API environment variable as it was removed on main branch
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2022-10-07 21:22:06 +02:00
Benjamin Wang
cb5f7276c3 Bump go 1.19: upgrade go version to 1.19.1 in the pipeline
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-22 08:47:46 +08:00
Manuel Rüger
c544b2a2a5 Update go to 1.17.8
2022-03-23 20:11:12 +01:00
Lili Cosic
e6e279a14d *: Bump go to go v1.17.2
2021-10-27 13:44:54 +02:00
Marek Siarkowicz
7b5f8fc71c *: Cleanup Makefile
* Move manual docker tests to ./tests/manual
* Move manual docker makefile targets to ./tests/manual/Makefile
* Remove unused makefile rules
2021-07-27 17:32:39 +02:00