[chore]: Upgrading go version to v1.21.11 #37534

Merged


MovieStoreGuy
Contributor

Description

Vulnerability #1: GO-2025-3420
Sensitive headers incorrectly sent after cross-domain redirect in net/http
More info: https://pkg.go.dev/vuln/GO-2025-3420
Standard library
Found in: net/[email protected]
Fixed in: net/[email protected]
Example traces found:
Error: #1: codeowners.go:212:55: githubgen.codeownersGenerator.getGithubMembers calls github.OrganizationsService.ListMembers, which eventually calls http.Client.Do

Vulnerability #2: GO-2025-3373
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
More info: https://pkg.go.dev/vuln/GO-2025-3373
Standard library
Found in: crypto/x509@go1.22.8
Fixed in: crypto/[email protected]
Example traces found:

Related: open-telemetry/opentelemetry-collector#12197

MovieStoreGuy requested a review from a team as a code owner January 28, 2025 08:16
MovieStoreGuy added the "Skip Changelog" label (PRs that do not require a CHANGELOG.md entry) Jan 28, 2025
mx-psi merged commit eeb4eb9 into open-telemetry:main Jan 28, 2025
163 checks passed
github-actions bot added this to the next release milestone Jan 28, 2025