Upgrade Golang version to fix CVE-2022-32189 vulnerability
A too-short encoded message can cause a panic in Float.GobDecode and Rat
GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially
allowing a denial of service. Upgrade Golang to the latest 1.18 version,
that is for the time being 1.18.5.
- relates to
-
RIC-934 Upgrade sdlgo Golang version to fix CVE-2022-32189 vulnerability
- Done
# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
8913,4 | go 1.18 as default version | master | it/dev | Status: MERGED | +2 | +1 |
8914,2 | RIC-937: Go version update 1.17.10 -> 1.18.5 | master | ric-plt/submgr | Status: MERGED | +2 | +1 |
8915,2 | RIC-937: Go mod version update 1.17 -> 1.18 | master | ric-plt/submgr | Status: MERGED | +2 | +1 |
8916,3 | Release the bldr-ubuntu20-c-go container Issue-Id: RIC-937 | master | it/dev | Status: MERGED | +2 | +1 |