Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update golang.org/x/crypto #28519

Merged
merged 1 commit into from
Dec 18, 2023
Merged

Update golang.org/x/crypto #28519

merged 1 commit into from
Dec 18, 2023

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang added this to the 1.21.3 milestone Dec 18, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 18, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 18, 2023
@wxiaoguang wxiaoguang added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Dec 18, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 18, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 18, 2023
@wxiaoguang wxiaoguang merged commit 6d002f8 into go-gitea:release/v1.21 Dec 18, 2023
26 checks passed
@wxiaoguang wxiaoguang deleted the update-go-crypto branch December 18, 2023 23:04
@laf0rge
Copy link

laf0rge commented Dec 21, 2023

will there also be a back-port of this security release to the 1.20.x version?

@wxiaoguang
Copy link
Contributor Author

1.20 has been unmaintained for long time, and maybe there is not only just this one security problem (I am sure ...)

So, please upgrade.

@divialth
Copy link

1.20 has been unmaintained for long time, and maybe there is not only just this one security problem (I am sure ...)

for me the same question just popped up, if there will be a back-port.
I just checked it, the last commit to the 1.20 branch was last week. Because of this I think this version is still maintained or I am complete wrong?

@techknowlogick
Copy link
Member

@laf0rge @divialth we are working on our LTS versioning plans, but as of now our standard EOL policy applies where once a new major stable version is out then generally we stop support for the older version. For 1.20 there was one version that was released that was after this date, but for most commits to it are just documentation changes for clarification for users on old versions.
As @wxiaoguang said though, it is strongly recommended to switch to 1.21, bit just for the many bug fixes, but also several security fixes too

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@delvh delvh delvh approved these changes

@techknowlogick techknowlogick techknowlogick approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.21.3
Development

Successfully merging this pull request may close these issues.
6 participants
@wxiaoguang @laf0rge @divialth @techknowlogick @delvh @GiteaBot