Skip to content
This repository has been archived by the owner on Apr 7, 2020. It is now read-only.

Update golang version to 1.11.5 #3

Closed
wants to merge 1 commit into from
Closed

Conversation

mvladev
Copy link
Contributor

@mvladev mvladev commented Jan 25, 2019

What this PR does / why we need it:

We have just released Go 1.11.5 and Go 1.10.8 to address a recently reported security issue. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.11.5).

This DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.

The issue is CVE-2019-6486 and Go issue golang/go#29903. See the Go issue for more details.

K8S issue kubernetes/kubernetes#73238

Which issue(s) this PR fixes:
n/a

Special notes for your reviewer:

Release note:

NONE

/cc @ThormaehlenFred

**What this PR does / why we need it**:

> We have just released Go 1.11.5 and Go 1.10.8 to address a recently reported security issue. We recommend that all users update to one of these releases (if you’re not sure which, choose Go 1.11.5).
>
> This DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU.
>
> These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.
>
> The issue is CVE-2019-6486 and Go issue golang/go#29903. See the Go issue for more details.

K8S issue kubernetes/kubernetes#73238

**Which issue(s) this PR fixes**:
n/a

**Special notes for your reviewer**:

**Release note**:
<!--  Write your release note:
1. Enter your release note in the below block.
2. If no release note is required, just write "NONE" within the block.

Format of block header: <category> <target_group>
Possible values:
- category:       improvement|noteworthy|action
- target_group:   user|operator
-->
```improvement operator
NONE
```

/cc @ThormaehlenFred
@mvladev mvladev requested a review from a team as a code owner January 25, 2019 10:04
@rfranzke
Copy link
Contributor

Done with e9bb84b

@rfranzke rfranzke closed this Jan 30, 2019
@rfranzke rfranzke deleted the update-golang-version branch January 30, 2019 08:12
zanetworker pushed a commit that referenced this pull request Oct 31, 2019
from 0.2.3 to 0.2.4

``` improvement user github.com/gardener/cert-management #3 @MartinWeindel
bug fix: create secret copy if two managed ingress with same TLS hosts and same secret name are defined in two namespaces (issue #2)
```
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants