Update golang.org/x/crypto #19097
Merged
Update golang.org/x/crypto #19097
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer
Gusted
added
topic/security
Gusted
added a commit
to Gusted/gitea
that referenced
this pull request
Mar 15, 2022
delvh
approved these changes
Mar 15, 2022
GiteaBot
added
the
lgtm/need 1
|
We may not need the workaround from #17281 anymore. |
- Introduced in go-gitea#17281 - Fixed in x/crypto: - golang/crypto@5d542ad - & golang/crypto@3147a52
- Use standardized name for curve22519-sha256. golang/crypto@9b07691 - Prefer SHA256 version over SHA1 version. golang/crypto@e4b3678
|
Does this also fix the #17798 |
Confirmed over discord, this issue is not fixed with the recent additions to the SSH library. |
|
yeah this doesn't fix #17798 |
|
OK I guess it's still worth updating this |
zeripath
approved these changes
Mar 15, 2022
GiteaBot
added
lgtm/done
zeripath
removed
topic/security
zjjhot
added a commit
to zjjhot/gitea
that referenced
this pull request
Mar 16, 2022
* giteaoffical/main: rm .sample hooks which aren't used (go-gitea#19101) use go1.18 to build gitea (go-gitea#19099) Use `go run` for tool dependencies, require go 1.17 (go-gitea#18874) Update golang.org/x/crypto (go-gitea#19097) Handle email address not exist. (go-gitea#19089)
zeripath
added a commit
to zeripath/gitea
that referenced
this pull request
Mar 23, 2022
## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/1.16.5) - 2022-03-23 * BREAKING * Bump to build with go1.18 (go-gitea#19120 et al) (go-gitea#19127) * SECURITY * Prevent redirect to Host (2) (go-gitea#19175) (go-gitea#19186) * Try to prevent autolinking of displaynames by email readers (go-gitea#19169) (go-gitea#19183) * Clean paths when looking in Storage (go-gitea#19124) (go-gitea#19179) * Do not send notification emails to inactive users (go-gitea#19131) (go-gitea#19139) * Do not send activation email if manual confirm is set (go-gitea#19119) (go-gitea#19122) * ENHANCEMENTS * Use the new/choose link for New Issue on project page (go-gitea#19172) (go-gitea#19176) * BUGFIXES * Fix compare link in active feeds for new branch (go-gitea#19149) (go-gitea#19185) * Redirect .wiki/* ui link to /wiki (go-gitea#18831) (go-gitea#19184) * Ensure deploy keys with write access can push (go-gitea#19010) (go-gitea#19182) * Ensure that setting.LocalURL always has a trailing slash (go-gitea#19171) (go-gitea#19177) * Cleanup protected branches when deleting users & teams (go-gitea#19158) (go-gitea#19174) * Use IterateBufferSize whilst querying repositories during adoption check (go-gitea#19140) (go-gitea#19160) * Fix NPE /repos/issues/search when not signed in (go-gitea#19154) (go-gitea#19155) * Use custom favicon when viewing static files if it exists (go-gitea#19130) (go-gitea#19152) * Fix the editor height in review box (go-gitea#19003) (go-gitea#19147) * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (go-gitea#19028) (go-gitea#19146) * Fix wrong scopes caused by empty scope input (go-gitea#19029) (go-gitea#19145) * Make migrations SKIP_TLS_VERIFY apply to git too (go-gitea#19132) (go-gitea#19141) * Handle email address not exist (go-gitea#19089) (go-gitea#19121) * MISC * Update json-iterator to allow compilation with go1.18 (go-gitea#18644) (go-gitea#19100) * Update golang.org/x/crypto (go-gitea#19097) (go-gitea#19098) Signed-off-by: Andrew Thornton <art27@cantab.net>
Merged
Closed
Chianina
pushed a commit
to Chianina/gitea
that referenced
this pull request
Mar 28, 2022
* Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in go-gitea#17281 - Fixed in x/crypto: - golang/crypto@5d542ad - & golang/crypto@3147a52 * Update Kex Algorithms - Use standardized name for curve22519-sha256. golang/crypto@9b07691 - Prefer SHA256 version over SHA1 version. golang/crypto@e4b3678
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update dependency to include fix for CVE.
See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
Remove workaround: Introduced in Offer rsa-sha2-512 and rsa-sha2-256 algorithms in internal SSH #17281
Fixed in x/crypto: golang/crypto@5d542ad & golang/crypto@3147a52
Update Kex Algorithms.
Use standardized name for curve22519-sha256. golang/crypto@9b07691
Prefer SHA256 version over SHA1 version. golang/crypto@e4b3678