mirror of https://github.com/hashicorp/packer
The go 1.18.9 version fixes a vulnerability GO-2022-1144, which concerns the net/http and golang.org/x/net packages. These are used in the codebase, and therefore automated tools report the generated binaries as vulnerable to this. Note that while Packer is indeed vulnerable to this, this is a DoS attack. This is therefore unlikely to impact Packer severely, especially as it requires a deliberate attempt to provoke an OOM/excessive GC cycles. Nonetheless, since this vulnerability is fixed with go 1.18.9, we bump the version used to build/test the tools to this version.pull/12155/head
Lucas Bajolet
3 years ago
committed by
Wilken Rivera
parent
3b9274aa04
commit
0aa2df1027
@ -1 +1 @@
|
||||
1.18.5
|
||||
1.18.9
|
||||
|
||||
Loading…
Reference in new issue