Using the base golang:1.11 docker image so that we can easily track
security patches for go 1.11. In particular this includes go 1.11.13,
which address
net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
net/http and golang.org/x/net/http2 servers that accept direct connections
from untrusted clients could be remotely made to allocate an unlimited amount
of memory, until the program crashes. Servers will now close connections if
the send queue accumulates too many control messages.
net/url: parsing validation issue
url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.
Motivation and Context
[x] I have raised an issue to propose this change (required)
Resolves #78
How Has This Been Tested?
Built the image and then exec-ing the binary using
Using the base golang:1.11 docker image so that we can easily track security patches for go 1.11. In particular this includes go 1.11.13, which address
https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
Motivation and Context
Resolves #78
How Has This Been Tested?
Built the image and then exec-ing the binary using
Types of changes
Checklist:
git commit -s