Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 6 commits
- 12 files changed
- 2 contributors
Commits on Apr 26, 2023
-
[23.0] vendor: github.com/opencontainers/runc v1.1.5
no changes to vendored files full diff: opencontainers/runc@v1.1.3...v1.1.5 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-
[23.0] vendor: github.com/moby/swarmkit/v2 v2.0.0-20230315203717-e28e…
…8ba9bc83 no changes to vendored files full diff: moby/swarmkit@a745a87...e28e8ba Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
-
[23.0] vendor: github.com/docker/docker v23.0.5
full diff: moby/moby@v23.0.4...v23.0.5 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commits on Apr 28, 2023
-
Merge pull request #4234 from thaJeztah/23.0_update_engine
[23.0] vendor: github.com/docker/docker v23.0.5
Commits on May 3, 2023
-
go1.19.9 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/tls and syscall packages. See the Go 1.19.9 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.19.9+label%3ACherryPickApproved release notes: https://go.dev/doc/devel/release#go1.19.9 full diff: golang/go@go1.19.8...go1.19.9 from the announcement: > These minor releases include 3 security fixes following the security policy: > >- html/template: improper sanitization of CSS values > > Angle brackets (`<>`) were not considered dangerous characters when inserted > into CSS contexts. Templates containing multiple actions separated by a '/' > character could result in unexpectedly closing the CSS context and allowing > for injection of unexpected HMTL, if executed with untrusted input. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-24539 and Go issue https://go.dev/issue/59720. > > - html/template: improper handling of JavaScript whitespace > > Not all valid JavaScript whitespace characters were considered to be > whitespace. Templates containing whitespace characters outside of the character > set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain > actions may not be properly sanitized during execution. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-24540 and Go issue https://go.dev/issue/59721. > > - html/template: improper handling of empty HTML attributes > > Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") > executed with empty input could result in output that would have unexpected > results when parsed due to HTML normalization rules. This may allow injection > of arbitrary attributes into tags. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-29400 and Go issue https://go.dev/issue/59722. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commits on May 4, 2023
-
Merge pull request #4254 from thaJeztah/23.0_update_go1.19.9
[23.0] update go to go1.19.9
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v23.0.5...v23.0.6