Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update golang.org/x/net #1268

Merged
merged 2 commits into from
Nov 29, 2023
Merged

Update golang.org/x/net #1268

merged 2 commits into from
Nov 29, 2023

Conversation

merlimat
Copy link
Contributor 

pulsar/bin/pulsarctl (gobinary)

Total: 3 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2023-39325 │ HIGH     │ fixed  │ v0.7.0            │ 0.17.0        │ golang: net/http, x/net/http2: rapid stream resets can cause │
│                  │                │          │        │                   │               │ excessive work (CVE-2023-44487)                              │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-39325                   │
│                  ├────────────────┼──────────┤        │                   ├───────────────┼──────────────────────────────────────────────────────────────┤
│                  │ CVE-2023-3978  │ MEDIUM   │        │                   │ 0.13.0        │ golang.org/x/net/html: Cross site scripting                  │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3978                    │
│                  ├────────────────┤          │        │                   ├───────────────┼──────────────────────────────────────────────────────────────┤
│                  │ CVE-2023-44487 │          │        │                   │ 0.17.0        │ HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable   │
│                  │                │          │        │                   │               │ to a DDoS attack...                                          │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-44487                   │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

(If this PR fixes a github issue, please add Fixes #<xyz>.)

Fixes #

(or if this PR is one task of a github issue, please add Master Issue: #<xyz> to link to the master issue.)

Master Issue: #

Motivation

Explain here the context, and why you're making that change. What is the problem you're trying to solve.

Modifications

Describe the modifications you've done.

Verifying this change

  • Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

  • Added integration tests for end-to-end deployment with large payloads (10MB)
  • Extended integration test for recovery after broker failure

Documentation

Check the box below.

Need to update docs?

  • doc-required

    (If you need help on updating docs, create a doc issue)

  • no-need-doc

    (Please explain why)

  • doc

    (If this PR contains doc changes)

@github-actions github-actions bot added the no-need-doc This pr does not need any document label Nov 29, 2023
@merlimat merlimat merged commit f05a758 into master Nov 29, 2023
11 of 12 checks passed
@merlimat merlimat deleted the update-go-x-net branch November 29, 2023 06:49
merlimat added a commit that referenced this pull request Dec 2, 2023
@merlimat
Update golang.org/x/net (#1268)
4fcf19a 
* Update golang.org/x/net

* Go mod tidy
merlimat added a commit that referenced this pull request Dec 2, 2023
@merlimat
Update golang.org/x/net (#1268)
b0b995d 
* Update golang.org/x/net

* Go mod tidy
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nlu90 nlu90 nlu90 approved these changes

@mattisonchao mattisonchao Awaiting requested review from mattisonchao mattisonchao is a code owner

@zymap zymap Awaiting requested review from zymap zymap is a code owner

Assignees

@merlimat merlimat

Labels
no-need-doc This pr does not need any document
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@merlimat @nlu90