52ef3468bc
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. See the Go 1.20.6 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6 These minor releases include 1 security fixes following the security policy: - net/http: insufficient sanitization of Host header The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Thanks to Bartek Nowotarski for reporting this issue. Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374 Signed-off-by: Danny Canter <danny@dcantah.dev> |
||
|---|---|---|
| .. | ||
| ansible | ||
| apparmor | ||
| autocomplete | ||
| aws | ||
| diffservice | ||
| Dockerfile.test.d | ||
| fuzz | ||
| gce | ||
| nvidia | ||
| seccomp | ||
| snapshotservice | ||
| Dockerfile.test | ||
| README.md | ||
contrib
The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.
Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.
Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.
Testing
Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.