-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade to go 1.12.11 for maintenance branches #41718
Comments
Ping. We should probably get this into 19.2 (and backported) soonish. |
41901: storage/engine: centralize specification of pebble.Options r=petermattis a=petermattis Fixes #41860 Release note: None 41993: build: Upgrade to go 1.12.12 r=bobvawter a=bobvawter This change upgrades the go runtime to 1.12.12 in order to pick up a [security fix](golang/go#34960). Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #41718 Release note (build change): The go runtime has been upgraded to 1.12.12. Co-authored-by: Peter Mattis <petermattis@gmail.com> Co-authored-by: Bob Vawter <bob@cockroachlabs.com>
Are we doing 19.1 as well? |
Re-opening. We should do 19.1. |
The 19.1 branch is building from golang 1.11. The golang security fix was only backported to the 1.12 and 1.13 branches. Do we want to jump the 19.1 branch to a much newer golang runtime? ISTM that we might instead want to change 19.1 to recover from this panic instead. |
@bdarnell do you have a minute to weigh in on whether or not we should update the 19.1 branch from go 1.11.X to go 1.12.X? Otherwise, we could try to create an invalid certificate and catch the relevant panic to prevent it from dropping the node. |
Given the Go policy of only providing security fixes for the last two releases (and generally good backwards-compatibility), I think we need to advance the version of go used on older branches (19.1 and 2.1) so we stay on a supported version. I would not want to try and individually work up security patches/workarounds. |
<deleted above comment, was in error> |
discussed in team meeting that we should upgrade 19.2 and 2.1 since these are supported releases |
19.2 is done. |
@petermattis FYI we are not going to spend any further effort on upgrading 2.1. Let me know if that's an issue. |
This is to pick up the fix to golang/go#34960. Go can crash when attempting to verify an invalid DSA public key in a certificate (client or server).
We should definitely upgrade in time for 19.2 and probably backport to 19.1.
The text was updated successfully, but these errors were encountered: