Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Go version to 1.23.5 #7163

Merged
merged 1 commit into from
Jan 20, 2025
Merged

Bump Go version to 1.23.5 #7163

merged 1 commit into from
Jan 20, 2025

Conversation

nginx-bot
Copy link
Contributor

Proposed changes

This PR brings Go version 1.23.5. The release addresses following CVEs and other fixes:

net/http: sensitive headers incorrectly sent after cross-domain redirect [CVE-2024-45336]
crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints [CVE-2024-45341]

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

@nginx-bot nginx-bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code needs cherry pick Cherry pick this PR into a release branch labels Jan 20, 2025
@nginx-bot nginx-bot requested a review from a team as a code owner January 20, 2025 11:25
@codecov Codecov
Copy link

codecov bot commented Jan 20, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release-4.0@679833b). Learn more about missing BASE report.

Additional details and impacted files 
@@              Coverage Diff               @@
##             release-4.0    #7163   +/-   ##
==============================================
  Coverage               ?   52.73%           
==============================================
  Files                  ?       89           
  Lines                  ?    20824           
  Branches               ?        0           
==============================================
  Hits                   ?    10981           
  Misses                 ?     9389           
  Partials               ?      454

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@vepatel vepatel changed the title [cherry-pick] Bump Go version to 1.23.5 Bump Go version to 1.23.5 Jan 20, 2025
@pdabelf5 pdabelf5 enabled auto-merge (squash) January 20, 2025 11:56
@pdabelf5 pdabelf5 removed the needs cherry pick Cherry pick this PR into a release branch label Jan 20, 2025
@pdabelf5 pdabelf5 merged commit e45b6bc into release-4.0 Jan 20, 2025
64 checks passed
@pdabelf5 pdabelf5 deleted the cherry-pick-release-4.0-2eb223fa0104041f1063abcf9b189e173d95ce50 branch January 20, 2025 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jjngx jjngx jjngx approved these changes

@AlexFenlon AlexFenlon AlexFenlon approved these changes

@vepatel vepatel vepatel approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nginx-bot @vepatel @AlexFenlon @jjngx @pdabelf5