Bumps the go_modules group with 1 update in the /api3 directory: golang.org/x/crypto.
Bumps the go_modules group with 6 updates in the /backend directory:
For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:
SQL injection can occur when all of the following conditions are met:
The non-default simple protocol is used.
A placeholder for a numeric value must be immediately preceded by a minus.
There must be a second placeholder for a string value after the first placeholder; both must be on the same line.
Both parameter values must be user-controlled.
Thanks to Paul Gerste for reporting this issue.
Fix CVE-2024-27304
SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
attacker's control.
Thanks to Paul Gerste for reporting this issue.
Fix *dbTx.Exec not checking if it is already closed
4.18.1 (February 27, 2023)
Fix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)
4.18.0 (February 11, 2023)
Upgrade pgconn to v1.14.0
Upgrade pgproto3 to v2.3.2
Upgrade pgtype to v1.14.0
Fix query sanitizer when query text contains Unicode replacement character
Fix context with value in BeforeConnect (David Harju)
Support pgx v4 and v5 stdlib in same program (Vitalii Solodilov)
server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)
In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.
Release 1.56.2
status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)
Release 1.56.1
client: handle empty address lists correctly in addrConn.updateAddrs
Release 1.56.0
New Features
client: support channel idleness using WithIdleTimeout dial option (#6263)
This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
xds: Add support for Custom LB Policies (gRFC A52) (#6224)
orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)
API Changes
orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)
Release 1.55.1
status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)
_Description has been truncated_
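Bumps the go_modules group with 1 update in the /api3 directory: golang.org/x/crypto. Bumps the go_modules group with 6 updates in the /backend directory:
golang.org/x/crypto: from 0.1.0 to 0.17.0
github.com/docker/docker: from 20.10.14+incompatible to 24.0.9+incompatible
github.com/docker/distribution: from 2.8.1+incompatible to 2.8.2+incompatible
github.com/jackc/pgproto3/v2: from 2.3.1 to 2.3.3
github.com/jackc/pgx/v4: from 4.17.2 to 4.18.2
google.golang.org/grpc: from 1.43.0 to 1.56.3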
Bumps the go_modules group with 1 update in the /plugins/api directory: golang.org/x/net.
Bumps the go_modules group with 1 update in the /plugins/common directory: golang.org/x/net.
Bumps the go_modules group with 2 updates in the /plugins/gateway/kong directory: golang.org/x/net and google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the /plugins/gateway/tyk/v3.2.2 directory: github.com/gin-gonic/gin.
Bumps the go_modules group with 3 updates in the /plugins/otel-collector/apiclarityexporter directory: golang.org/x/net, google.golang.org/grpc and go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.
Bumps the go_modules group with 3 updates in the /plugins/taper directory: golang.org/x/net, gopkg.in/yaml.v3 and google.golang.org/grpc.
Bumps the go_modules group with 1 update in the /plugins/taper/extensions/http directory: golang.org/x/net.
Updates
golang.org/x/crypto
from 0.1.0 to 0.17.0
Commits
9d2ee97 ssh: implement strict KEX protocol changes
4e5a261 ssh: close net.Conn on all NewServerConn errors
152cdb1 x509roots/fallback: update bundle
fdfe1f8 ssh: defer channel window adjustment
b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
7e6fbd8 ssh: wrap errors from client handshake
bda2f3f argon2: avoid clobbering BP
325b735 ssh/test: skip TestSSHCLIAuth on Windows
1eadac5 go.mod: update golang.org/x dependencies
b2d7c26 ssh: add (*Client).DialContext method
Updates
golang.org/x/net
from 0.2.0 to 0.10.0
Commits
Updates
golang.org/x/sys
from 0.2.0 to 0.15.0
Commits
13b15b7 unix: add IoctlLoopConfigure on linux
11eadc0 windows: add AddDllDirectory and RemoveDllDirectory
e4099bf unix: fix trimmed socket opt string in GetsockoptString
9888904 unix: update BPF constants for Linux kernel 6.6
2d0c736 unix: use fchmodat2 in Fchmodat
ec230da unix: use fcntl(2) libc stub on OpenBSD
cb378ae syscall: call getfsstat via libc on openbsd
661d749 unix: use libc stubs for OpenBSD pledge+unveil
1168e25 unix/linux: update Linux kernel to v6.6
249e16f unix: require minimum OpenBSD 6.4 for pledge, unveil
Updates
golang.org/x/text
from 0.4.0 to 0.14.0
Commits
6c97a16 all: update go directive to 1.18
f488e19 unicode/norm: fix function name on comment
fb697c0 cmd/gotext: actually use -dir flag
f3e69ed cmd/gotext: fix misbehaviors
ab07ad1 all: remove repetitive words
e503480 encoding/japanese, language: shorten very long sub-test names
2df65d7 all: regenerate for Unicode 15.0.0
e3c038a all: prepare for Unicode 15.0.0
3a7a255 internal/export/idna: make more space for mapping index
d61dd50 go.mod: delete repeated "indirect"
Updates
github.com/docker/docker
from 20.10.14+incompatible to 24.0.9+incompatible
Release notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
fca702d Merge pull request from GHSA-xw73-rw38-6vjc
f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
dac5663 update containerd binary to v1.7.13
20e1af3 vendor: github.com/opencontainers/runc v1.1.12
858919d update runc binary to v1.1.12
141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
db968c6 hack/make.ps1: Fix go list pattern
61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
Updates
github.com/docker/distribution
from 2.8.1+incompatible to 2.8.2+incompatible
Release notes
Sourced from github.com/docker/distribution's releases.
Commits
7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
a173a9c Add v2.8.2 release notes
4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
483ad69 registry/errors: Parse http forbidden as denied
2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
5f3ca1b Add release notes for 2.8.2-beta.2 release
cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
e884644 Dockerfile: fix filenames of artifacts
Updates
github.com/jackc/pgproto3/v2
from 2.3.1 to 2.3.3
Commits
945c212 Backport fixes from pgx v5
0c0f7b0 Add pgx v5 note
f59ff94 UnmarshalJSON: removing hex decode
Updates
github.com/jackc/pgx/v4
from 4.17.2 to 4.18.2
Changelog
Sourced from github.com/jackc/pgx/v4's changelog.
Commits
14690df Update changelog
779548e Update required Go version to 1.17
80e9662 Update github.com/jackc/pgconn to v1.14.3
0bf9ac3 Fix erroneous test case
f94eb0e Always wrap arguments in parentheses in the SQL sanitizer
826a892 Fix SQL injection via line comment creation in simple protocol
7d882f9 Fix *dbTx.Exec not checking if it is already closed
1d07b8b go mod tidy
13468eb Release v4.18.1
7fed69b simplify duplicate pgx registration guard
Updates
google.golang.org/grpc
from 1.43.0 to 1.56.3
Release notes
Sourced from google.golang.org/grpc's releases.
... (truncated)
Commits
1055b48 Update version.go to 1.56.3 (#6713)
5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
faab873 Update version.go to v1.56.2 (#6432)
6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
cd6a794 Update version.go to v1.56.2-dev (#6387)
5b67e5e Update version.go to v1.56.1 (#6386)
d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
997c1ea Change version to 1.56.1-dev (#6345)
Updates
google.golang.org/protobuf
from 1.28.1 to 1.30.0
Updates
golang.org/x/net
from 0.0.0-20211101193420-4a448f8816b3 to 0.23.0
Commits
Updates
golang.org/x/net
from 0.0.0-20211101193420-4a448f8816b3 to 0.23.0
Commits
Updates
golang.org/x/sys
from 0.0.0-20210423082822-04245dca01da to 0.18.0
Commits
13b15b7 unix: add IoctlLoopConfigure on linux
11eadc0 windows: add AddDllDirectory and RemoveDllDirectory
e4099bf unix: fix trimmed socket opt string in GetsockoptString
9888904 unix: update BPF constants for Linux kernel 6.6
2d0c736 unix: use fchmodat2 in Fchmodat
ec230da unix: use fcntl(2) libc stub on OpenBSD
cb378ae syscall: call getfsstat via libc on openbsd
661d749 unix: use libc stubs for OpenBSD pledge+unveil
1168e25 unix/linux: update Linux kernel to v6.6
249e16f unix: require minimum OpenBSD 6.4 for pledge, unveil
Updates
golang.org/x/text
from 0.3.7 to 0.14.0
Commits
6c97a16 all: update go directive to 1.18
f488e19 unicode/norm: fix function name on comment
fb697c0 cmd/gotext: actually use -dir flag
f3e69ed cmd/gotext: fix misbehaviors
ab07ad1 all: remove repetitive words
e503480 encoding/japanese, language: shorten very long sub-test names
2df65d7 all: regenerate for Unicode 15.0.0
e3c038a all: prepare for Unicode 15.0.0
3a7a255 internal/export/idna: make more space for mapping index
d61dd50 go.mod: delete repeated "indirect"
Updates
golang.org/x/net
from 0.0.0-20211112202133-69e39bad7dc2 to 0.23.0
Commits
Updates
golang.org/x/sys
from 0.0.0-20210615035016-665e8c7367d1 to 0.18.0
Commits
13b15b7 unix: add IoctlLoopConfigure on linux
11eadc0 windows: add AddDllDirectory and RemoveDllDirectory
e4099bf unix: fix trimmed socket opt string in GetsockoptString
9888904 unix: update BPF constants for Linux kernel 6.6
2d0c736 unix: use fchmodat2 in Fchmodat
ec230da unix: use fcntl(2) libc stub on OpenBSD
cb378ae syscall: call getfsstat via libc on openbsd
661d749 unix: use libc stubs for OpenBSD pledge+unveil
1168e25 unix/linux: update Linux kernel to v6.6
249e16f unix: require minimum OpenBSD 6.4 for pledge, unveil
Updates
golang.org/x/text
from 0.3.7 to 0.14.0
Commits
6c97a16 all: update go directive to 1.18
f488e19 unicode/norm: fix function name on comment
fb697c0 cmd/gotext: actually use -dir flag
f3e69ed cmd/gotext: fix misbehaviors
ab07ad1 all: remove repetitive words
e503480 encoding/japanese, language: shorten very long sub-test names
2df65d7 all: regenerate for Unicode 15.0.0
e3c038a all: prepare for Unicode 15.0.0
3a7a255 internal/export/idna: make more space for mapping index
d61dd50 go.mod: delete repeated "indirect"
Updates
google.golang.org/protobuf
from 1.28.0 to 1.33.0
Updates
github.com/gin-gonic/gin
from 1.7.0 to 1.9.1
Release notes
Sourced from github.com/gin-gonic/gin's releases.
... (truncated)
Changelog
Sourced from github.com/gin-gonic/gin's changelog.
... (truncated)
Commits
4ea0e64 Ready release gin 1.9.1 (by: thinkerou) (#3630)
bb1fc2e fix Request.Context() checks (#3512)
2d4bbec fix lack of escaping of filename in Content-Disposition (#3556)
9f5ecd4 chore(deps): bump actions/setup-go from 3 to 4 (#3543)
20cd6bc chore(deps): bump github.com/go-playground/validator/v10 (#3610)
6bdc725 Fix typos in ISSUE_TEMPLATE.md (#3616)
1ab2689 chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#3599)
6a0556e improve render code coverage (#3525)
eac2daa chore: update dependencies for various packages and libraries (#3585)
757a638 chore: improve linting, testing, and GitHub Actions setup (#3583)
Updates
golang.org/x/net
from 0.0.0-20220225172249-27dd8689420f to 0.23.0
Commits
Updates
golang.org/x/sys
from 0.0.0-20220808155132-1c4a2a72c664 to 0.18.0
Commits
13b15b7 unix: add IoctlLoopConfigure on linux
11eadc0 windows: add AddDllDirectory and RemoveDllDirectory
e4099bf unix: fix trimmed socket opt string in GetsockoptString
9888904 unix: update BPF constants for Linux kernel 6.6
2d0c736 unix: use fchmodat2 in Fchmodat
ec230da unix: use fcntl(2) libc stub on OpenBSD
cb378ae syscall: call getfsstat via libc on openbsd
661d749 unix: use libc stubs for OpenBSD pledge+unveil
1168e25 unix/linux: update Linux kernel to v6.6
249e16f unix: require minimum OpenBSD 6.4 for pledge, unveil
Updates
golang.org/x/text
from 0.3.7 to 0.14.0
Commits
6c97a16 all: update go directive to 1.18
f488e19 unicode/norm: fix function name on comment
fb697c0 cmd/gotext: actually use -dir flag
f3e69ed cmd/gotext: fix misbehaviors
ab07ad1 all: remove repetitive words
e503480 encoding/japanese, language: shorten very long sub-test names
2df65d7 all: regenerate for Unicode 15.0.0
e3c038a all: prepare for Unicode 15.0.0
3a7a255 internal/export/idna: make more space for mapping index
d61dd50 go.mod: delete repeated "indirect"
Updates
google.golang.org/grpc
from 1.49.0 to 1.56.3
Release notes
Sourced from google.golang.org/grpc's releases.