From 2207f9705190e9d31692d20fc07689836f261b5d Mon Sep 17 00:00:00 2001 From: Bryan Eastes Date: Thu, 15 Jun 2023 21:57:31 +0000 Subject: [PATCH 1/3] backport of commit d35cbab1ede76a1686fbfc4bae611deab9b1d22d --- control-plane/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile index 129344eade..844c487e49 100644 --- a/control-plane/Dockerfile +++ b/control-plane/Dockerfile @@ -14,7 +14,7 @@ # go-discover builds the discover binary (which we don't currently publish # either). FROM golang:1.19.2-alpine as go-discover -RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@49f60c093101c9c5f6b04d5b1c80164251a761a6 +RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@214571b6a5309addf3db7775f4ee8cf4d264fd5f # dev copies the binary from a local build # ----------------------------------- From 6dd7c9343fe14cadfb334b08abb4c4a26956abf1 Mon Sep 17 00:00:00 2001 From: Bryan Eastes Date: Thu, 15 Jun 2023 22:06:07 +0000 Subject: [PATCH 2/3] backport of commit 6d912dc83320897d0f74e232996500832373ecd7 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 487988b010..785f01f2c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.? (TODO DATE) +SECURITY: +* [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) + + + ## 1.1.2 (June 5, 2023) SECURITY: From 9adb515fcce480ac7c960e19f27eae1261ba53a8 Mon Sep 17 00:00:00 2001 From: Curt Bushko Date: Fri, 16 Jun 2023 20:22:22 +0000 Subject: [PATCH 3/3] backport of commit 4cb4b56293d9627ff9a1f3dba3588d8bbae930af --- .changelog/2390.txt | 3 +++ CHANGELOG.md | 6 ------ 2 files changed, 3 insertions(+), 6 deletions(-) create mode 100644 .changelog/2390.txt diff --git a/.changelog/2390.txt b/.changelog/2390.txt new file mode 100644 index 0000000000..a4546bd781 --- /dev/null +++ b/.changelog/2390.txt @@ -0,0 +1,3 @@ +```release-note:security +Update [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) +``` diff --git a/CHANGELOG.md b/CHANGELOG.md index 785f01f2c9..487988b010 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,3 @@ -## 1.1.? (TODO DATE) -SECURITY: -* [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7) - - - ## 1.1.2 (June 5, 2023) SECURITY: