Address CVE-2023-45288 #17703
Description
What would you like to be added?
CVE-2023-45288 / GO-2024-2687 was recently published. We need to:
Go version bump
- main: Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 #17707
- release-3.5: Bump go-version to 1.21.9 for release-3.5 due to CVE-2023-45288 #17708
- release-3.4: Bump go-version to 1.21.9 for release-3.4 due to CVE-2023-45288 #17709
-
Update CHANGELOG: done in Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 #17707 - Raft: Bump go toolchain version to 1.22.2 raft#191
- bbolt 1.3: Bump go toolchain version to address CVE-2023-45288 for release-1.3 bbolt#713
- bbolt main: Bump go toolchain version to address CVE-2023-45288 bbolt#712
Bump golang.org/x/net from 1.22.1 to 1.22.2
-
main: Bump go-version to 1.22.2 for release-3.6 due to CVE-2023-45288 #17707 -
release-3.5: Bump go-version to 1.21.9 for release-3.5 due to CVE-2023-45288 #17708 -
release-3.4: Bump go-version to 1.21.9 for release-3.4 due to CVE-2023-45288 #17709
Why is this needed?
To improve security and address the CVE. And to keep the Go version up to date.