@theadarshsaxena theadarshsaxena commented Jun 30, 2025

Bump up the golang version to 1.23.10 to fix CVEs.

CVEs fixed by this Go upgrade:

  1. bin/cp-plugin (gobinary)
  2. plugins/velero-plugin-for-aws (gobinary)

@blackpiglet
Contributor

First, could you clarify which CVEs are fixed by this PR?
Second, I suggest also bumping the Golang version in the main branch.
AFAIK, there is no specific date for a new release of the release-1.12 branch yet.

@theadarshsaxena
Author

Thanks @blackpiglet, I appreciate your help!

  1. I have edited the description of this PR to mention the CVE fixes
  2. I have created a PR for bumping golang version in the main branch as well.

@blackpiglet blackpiglet merged commit c212ea1 into vmware-tanzu:release-1.12 Jul 2, 2025
4 checks passed
@blackpiglet
Contributor

Thanks @blackpiglet, I appreciate your help!

  1. I have edited the description of this PR to mention the CVE fixes
  2. I have created a PR for bumping golang version in the main branch as well.

Thanks for your contribution.

This PR is merged.

I'm sorry for misleading you into creating a PR to bump the Golang version on the main branch.
I totally forgot that the main branch doesn't pin to a tag of Golang.
We will pin to the correct version when cutting a new branch.
