From 3f03510cc7322aa7261e544ce25d6ab4c481d5ec Mon Sep 17 00:00:00 2001 From: Friedrich Gonzalez <1517449+friedrichg@users.noreply.github.com> Date: Tue, 15 Oct 2024 02:23:38 -0700 Subject: [PATCH] Backport go upgrade to patch CVEs (#6264) * Backport go upgrade to patch CVEs Signed-off-by: Friedrich Gonzalez * Update VERSION file Signed-off-by: Friedrich Gonzalez --------- Signed-off-by: Friedrich Gonzalez --- .github/workflows/test-build-deploy.yml | 12 ++++++------ CHANGELOG.md | 3 +++ Makefile | 2 +- VERSION | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-build-deploy.yml b/.github/workflows/test-build-deploy.yml index 1820dca087..ad25c07f29 100644 --- a/.github/workflows/test-build-deploy.yml +++ b/.github/workflows/test-build-deploy.yml @@ -17,7 +17,7 @@ jobs: lint: runs-on: ubuntu-20.04 container: - image: quay.io/cortexproject/build-image:master-779dcf4ba + image: quay.io/cortexproject/build-image:master-582c03a76 steps: - name: Checkout Repo uses: actions/checkout@v2 @@ -46,7 +46,7 @@ jobs: test: runs-on: ubuntu-20.04 container: - image: quay.io/cortexproject/build-image:master-779dcf4ba + image: quay.io/cortexproject/build-image:master-582c03a76 steps: - name: Checkout Repo uses: actions/checkout@v2 @@ -89,7 +89,7 @@ jobs: build: runs-on: ubuntu-20.04 container: - image: quay.io/cortexproject/build-image:master-779dcf4ba + image: quay.io/cortexproject/build-image:master-582c03a76 steps: - name: Checkout Repo uses: actions/checkout@v2 @@ -223,14 +223,14 @@ jobs: run: | touch build-image/.uptodate MIGRATIONS_DIR=$(pwd)/cmd/cortex/migrations - make BUILD_IMAGE=quay.io/cortexproject/build-image:master-779dcf4ba TTY='' configs-integration-test + make BUILD_IMAGE=quay.io/cortexproject/build-image:master-582c03a76 TTY='' configs-integration-test deploy_website: needs: [build, test] if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex' runs-on: ubuntu-20.04 container: - image: quay.io/cortexproject/build-image:master-779dcf4ba + image: quay.io/cortexproject/build-image:master-582c03a76 steps: - name: Checkout Repo uses: actions/checkout@v2 @@ -272,7 +272,7 @@ jobs: if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex' runs-on: ubuntu-20.04 container: - image: quay.io/cortexproject/build-image:master-779dcf4ba + image: quay.io/cortexproject/build-image:master-582c03a76 steps: - name: Checkout Repo uses: actions/checkout@v2 diff --git a/CHANGELOG.md b/CHANGELOG.md index d967195ad6..6b53f6de9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## master / unreleased +## 1.18.1 2024-10-14 + +* [BUGFIX] Backporting upgrade to go 1.22.7 to patch CVE-2024-34155, CVE-2024-34156, CVE-2024-34158 #6217 #6264 ## 1.18.0 2024-09-03 diff --git a/Makefile b/Makefile index 80d5396b48..c3666f7af3 100644 --- a/Makefile +++ b/Makefile @@ -115,7 +115,7 @@ build-image/$(UPTODATE): build-image/* SUDO := $(shell docker info >/dev/null 2>&1 || echo "sudo -E") BUILD_IN_CONTAINER := true BUILD_IMAGE ?= $(IMAGE_PREFIX)build-image -LATEST_BUILD_IMAGE_TAG ?= master-779dcf4ba +LATEST_BUILD_IMAGE_TAG ?= master-582c03a76 # TTY is parameterized to allow Google Cloud Builder to run builds, # as it currently disallows TTY devices. This value needs to be overridden diff --git a/VERSION b/VERSION index 84cc529467..ec6d649be6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.18.0 +1.18.1