Skip to content

Security Concern: Update golang version to 1.18.6 or 1.19.1 #21167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Bruc3Stark opened this issue Sep 14, 2022 · 2 comments
Closed

Security Concern: Update golang version to 1.18.6 or 1.19.1 #21167

Bruc3Stark opened this issue Sep 14, 2022 · 2 comments

Comments

@Bruc3Stark
Copy link

Feature Description

Hello, we are now using gitea v1.16.8 with golang v1.18.2. However, according to https://nvd.nist.gov/vuln/detail/CVE-2022-32190 , we wonder if this golang security vulnerability would cause unknown issues. So we suggest updating the golang version to v1.18.6 or v1.19.1.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-32190
golang/go#54385
https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

Screenshots

No response
@Bruc3Stark Bruc3Stark added type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first. labels Sep 14, 2022
@techknowlogick
Copy link
Member

  1. Please don't open security reports in the public issue trackers. You have already sent this to the security email which is the correct process.
  2. You are running an out of date version of Gitea, we have updated to building with the latest golang version within an hour of it being released.

@techknowlogick techknowlogick removed type/proposal The new feature has not been accepted yet but needs to be discussed first. type/feature Completely new functionality. Can only be merged if feature freeze is not active. labels Sep 14, 2022
@techknowlogick techknowlogick closed this as not planned Won't fix, can't repro, duplicate, stale Sep 14, 2022
@Bruc3Stark
Copy link
Author

OK, sorry for the inappropriate behavior.

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@techknowlogick @Bruc3Stark