[BEAM-14456] Use Go 1.18.2 to build 2.39 Container Bootloaders - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: P2
Resolution: Fixed
Affects Version/s: 2.39.0
Fix Version/s: 2.39.0
Component/s: sdk-go, sdk-java-core, sdk-py-core
Labels:
None

Description

It's been noted that by using older Go releases to compile Go containers we run the risk of the bootloaders using vulnerable versions.

This issue is to close the gap for 2.39, while a separate one is to document the policy of keeping the release artifacts built with the latest Go version.

While it's unlikely to be an attack vector, it's prudent that we keep these gaps as closed as we're able.

Attachments

Issue Links

links to

GitHub Pull Request #17606

Activity

People

Assignee:: Robert Burke

Reporter:: Robert Burke

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/May/22 21:07

Updated:: 12/May/22 14:30

Resolved:: 12/May/22 14:29

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1.5h