Bump go version to 1.19.10 (!4172) · Merge requests · GitLab.org / gitlab-runner

Axel von Bertoldi requested to merge avonbertoldi/CVE-various/update-go into main Jun 27, 2023

There are a number of critical CVE vulnerability reports against go in a number of runner-related docker images. In many cases the vulnerability is fixed in go releases >= 1.19.10. We can make all these vulns go away by upgrading go to 1.19.10. Vulns include:

CVE-2023-29402
CVE-2023-29403
CVE-2023-29404
CVE-2023-29405

See https://gitlab.com/gitlab-org/ci-cd/runner-tools/gitlab-runner-containers-scan-trigger/-/security/vulnerability_report/?activity=STILL_DETECTED&severity=CRITICAL

fixes https://gitlab.com/gitlab-org/gitlab-runner/-/issues/34312

Edited Jun 28, 2023 by Axel von Bertoldi

Bump go version to 1.19.10

Merge request reports