Pull request: upd-go

Merge in DNS/adguard-home from upd-go to master Squashed commit of the following: commit 3dffc8b5d8951216c1e695472199fc9e9d85e1c7 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Oct 7 14:30:23 2022 +0300 all: fix chlog commit cca70bd6cd27d04cd7cebe14a4e4bef112ce2bcb Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Oct 7 14:07:39 2022 +0300 all: upd go
2024-08-16 14:10:22 +03:00 · 2022-10-07 15:48:51 +03:00 · 2022-10-07 15:48:51 +03:00 · 960a7a75ed
commit 960a7a75ed
parent 330ac30324
5 changed files with 21 additions and 14 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,7 +1,7 @@
 'name': 'build'

 'env':
-  'GO_VERSION': '1.18.6'
+  'GO_VERSION': '1.18.7'
  'NODE_VERSION': '14'

 'on':
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -1,7 +1,7 @@
 'name': 'lint'

 'env':
-  'GO_VERSION': '1.18.6'
+  'GO_VERSION': '1.18.7'

 'on':
  'push':
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,12 @@ and this project adheres to
 ## [v0.108.0] - TBA (APPROX.)
 -->

+## Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in
+  [Go 1.18.7][go-1.18.7].
+
 ## Added

 - The ability to put [ClientIDs][clientid] into DNS-over-HTTPS hostnames as
@ -23,7 +29,8 @@ and this project adheres to

 [#3418]: https://github.com/AdguardTeam/AdGuardHome/issues/3418

-[clientid]: https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid
+[go-1.18.7]: https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
+[clientid]:  https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid



@ -173,7 +180,7 @@ See also the [v0.107.12 GitHub milestone][ms-v0.107.12].

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  CVE-2022-27664 and CVE-2022-32190 Go vulnerabilities fixed in
  [Go 1.18.6][go-1.18.6].

@ -294,7 +301,7 @@ See also the [v0.107.9 GitHub milestone][ms-v0.107.9].

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  CVE-2022-32189 Go vulnerability fixed in [Go 1.18.5][go-1.18.5].  Go 1.17
  support has also been removed, as it has reached end of life and will not
  receive security updates.
@ -337,7 +344,7 @@ See also the [v0.107.8 GitHub milestone][ms-v0.107.8].

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities
  fixed in [Go 1.17.12][go-1.17.12].

@ -373,7 +380,7 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7].

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
  [CVE-2022-29804] Go vulnerabilities.
 - Enforced password strength policy ([#3503]).
@ -530,7 +537,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].
 ### Security

 - `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests.
- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] Go vulnerabilities.

 ### Added
@ -585,7 +592,7 @@ were resolved.

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  [CVE-2022-24921] Go vulnerability.

 [CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921
@ -598,7 +605,7 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4].

 ### Security

- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
  [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] Go vulnerabilities.

 ### Fixed
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:5.1'
+  'dockerGo': 'adguard/golang-ubuntu:5.2'

 'stages':
 - 'Build frontend':
@ -322,7 +322,7 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:5.1'
+      'dockerGo': 'adguard/golang-ubuntu:5.2'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@ -337,4 +337,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:5.1'
+      'dockerGo': 'adguard/golang-ubuntu:5.2'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:5.1'
+  'dockerGo': 'adguard/golang-ubuntu:5.2'

 'stages':
 - 'Tests':