diff --git a/.changelog/19013.txt b/.changelog/19013.txt new file mode 100644 index 000000000..1cf03eab8 --- /dev/null +++ b/.changelog/19013.txt @@ -0,0 +1,3 @@ +```release-note:security +build: Update to go1.21.4 to resolve Windows path validation CVE in Go +``` diff --git a/.go-version b/.go-version index bae5c7f66..20a1265cf 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.21.3 +1.21.4 diff --git a/contributing/README.md b/contributing/README.md index 981516378..7f0b81183 100644 --- a/contributing/README.md +++ b/contributing/README.md @@ -30,7 +30,7 @@ A development environment is supplied via Vagrant to make getting started easier Developing without Vagrant --- -1. Install [Go 1.21.3+](https://golang.org/) *(Note: `gcc-go` is not supported)* +1. Install [Go 1.21.4+](https://golang.org/) *(Note: `gcc-go` is not supported)* 1. Clone this repo ```sh $ git clone https://github.com/hashicorp/nomad.git diff --git a/scripts/linux-priv-go.sh b/scripts/linux-priv-go.sh index f89acad77..4673a882e 100755 --- a/scripts/linux-priv-go.sh +++ b/scripts/linux-priv-go.sh @@ -21,7 +21,7 @@ case $(arch) in esac function install_go() { - local go_version="1.21.3" + local go_version="1.21.4" local download="https://storage.googleapis.com/golang/go${go_version}.linux-${ARCH}.tar.gz" if go version 2>&1 | grep -q "${go_version}"; then diff --git a/scripts/release/mac-remote-build b/scripts/release/mac-remote-build index 39177e875..8ee6544bc 100755 --- a/scripts/release/mac-remote-build +++ b/scripts/release/mac-remote-build @@ -56,7 +56,7 @@ REPO_PATH="${TMP_WORKSPACE}/gopath/src/github.com/hashicorp/nomad" mkdir -p "${TMP_WORKSPACE}/tmp" install_go() { - local go_version="1.21.3" + local go_version="1.21.4" local download= download="https://storage.googleapis.com/golang/go${go_version}.darwin-amd64.tar.gz"