Comparing changes
Open a pull request
- 11 commits
- 10 files changed
- 5 contributors
Commits on Jul 25, 2024
-
go1.21.12 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/x509, net/http, net/netip, and os packages. See the Go 1.21.12 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved - full diff: golang/go@go1.21.11...go1.21.12 From the security mailing: > Hello gophers, > > We have just released Go versions 1.22.5 and 1.21.12, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > * net/http: denial of service due to improper 100-continue handling > > The net/http HTTP/1.1 client mishandled the case where a server responds > to a request with an “Expect: 100-continue” header with a non-informational > (200 or higher) status. This mishandling could leave a client connection > in an invalid state, where the next request sent on the connection will fail. > > An attacker sending a request to a net/http/httputil.ReverseProxy proxy can > exploit this mishandling to cause a denial of service by sending > “Expect: 100-continue” requests which elicit a non-informational response > from the backend. Each such request leaves the proxy with an invalid connection, > and causes one subsequent request using that connection to fail. > > Thanks to Geoff Franks for reporting this issue. > > This is CVE-2024-24791 and Go issue https://go.dev/issue/67555. Signed-off-by: Sebastiaan van Stijn <[email protected]>
-
go.mod: golang.org/x/sys v0.22.0
full diff: golang/sys@v0.21.0...v0.22.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
-
gp.mod: github.com/gofrs/flock v0.12.1
- fix: missing read-write flag in reopenFDOnError fixes a regression that could result in a `ERROR: bad file descriptor`. gofrs/flock@b659e1e introduced a regression where `f.flag` would not be in read-write mode [1] but read-only [2] which breaks people using NFS protocol. [1]: gofrs/flock@b659e1e#diff-87c2c4fe0fb43f4b38b4bee45c1b54cfb694c61e311f93b369caa44f6c1323ffR192 [2]: gofrs/flock@b659e1e#diff-22145325dded38eb5288ed3321a113d8260ccc70747ee04d4551bfd2fba975fdR69 full diff: gofrs/flock@v0.12.0...v0.12.1 Signed-off-by: Sebastiaan van Stijn <[email protected]>
-
remove all dependabot update PRs for OTel dependencies
Signed-off-by: Guillaume Lours <[email protected]>
-
bump engine and cli to v27.1.1, buildx to v0.16.1
Signed-off-by: Guillaume Lours <[email protected]>
-
Fix stop on file chane for sync-restart action
Signed-off-by: Joana Hrotko <[email protected]>
Commits on Aug 5, 2024
-
docs: Update docker compose kill usage
Signed-off-by: Jan Brasna <[email protected]>
-
Removes redundant condition from toAPIBuildOptions in build.go
Signed-off-by: Mayank Kapur <[email protected]>
Commits on Aug 9, 2024
-
initial sync for root directory
Signed-off-by: Joana Hrotko <[email protected]>
-
initial sync files that modified after image creation
Signed-off-by: Joana Hrotko <[email protected]>
Commits on Aug 14, 2024
-
Signed-off-by: Joana Hrotko <[email protected]>
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v2.29.1...v2.29.2