grafana · aldernero · Apr 20, 2023 · Apr 19, 2023 · Apr 20, 2023 · Apr 20, 2023
@@ -16,7 +16,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: '1.20.1'
+        go-version: '1.20.3'
     - uses: helm/kind-action@v1.2.0
     - name: Download yq
       uses: dsaltares/fetch-gh-release-asset@d9376dacd30fd38f49238586cd2e9295a8307f4c

@@ -18,7 +18,7 @@ jobs:
   conftest:
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3

@@ -20,7 +20,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3
@@ -64,7 +64,7 @@ jobs:
   lint-jsonnet:
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-72d66708c
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3
@@ -90,7 +90,7 @@ jobs:
   lint-helm:
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3
@@ -119,7 +119,7 @@ jobs:
         test_group_id:    [0, 1, 2, 3]
         test_group_total: [4]
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3
@@ -154,7 +154,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3
@@ -198,7 +198,7 @@ jobs:
       - name: Upgrade golang
         uses: actions/setup-go@v3
         with:
-          go-version: 1.20.1
+          go-version: 1.20.3
       - name: Check out repository
         uses: actions/checkout@v3
       - name: Run Git Config
@@ -244,7 +244,7 @@ jobs:
     if: (startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/r') ) && github.event_name == 'push' && github.repository == 'grafana/mimir'
     runs-on: ubuntu-latest
     container:
-      image: grafana/mimir-build-image:goupdate-751733fe1
+      image: grafana/mimir-build-image:chore-upgrade-go-1203-5c4c29f01
     steps:
       - name: Check out repository
         uses: actions/checkout@v3

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2.7.2
+
+### Grafana Mimir
+
+* [BUGFIX] Security: updated Go version to 1.20.3 to fix CVE-2023-24538 #4795
+
 ## 2.7.1
 
 **Note**: During the release process, version 2.7.0 was tagged too early, before completing the release checklist and production testing. Release 2.7.1 doesn't include any code changes since 2.7.0, but now has proper release notes, published documentation, and has been fully tested in our production environment.

@@ -178,7 +178,7 @@ mimir-build-image/$(UPTODATE): mimir-build-image/*
 # All the boiler plate for building golang follows:
 SUDO := $(shell docker info >/dev/null 2>&1 || echo "sudo -E")
 BUILD_IN_CONTAINER ?= true
-LATEST_BUILD_IMAGE_TAG ?= goupdate-751733fe1
+LATEST_BUILD_IMAGE_TAG ?= chore-upgrade-go-1203-5c4c29f01
 
 # TTY is parameterized to allow Google Cloud Builder to run builds,
 # as it currently disallows TTY devices. This value needs to be overridden

@@ -1 +1 @@
-2.7.1
+2.7.2
@@ -1,4 +1,4 @@
-FROM golang:1.20.1
+FROM golang:1.20.3
 ENV CGO_ENABLED=0
 RUN go install github.com/go-delve/delve/cmd/dlv@v1.9.1
 

@@ -1,4 +1,4 @@
-FROM golang:1.20.1
+FROM golang:1.20.3
 ENV CGO_ENABLED=0
 RUN go install github.com/go-delve/delve/cmd/dlv@v1.7.3
 

@@ -79,3 +79,4 @@ In Grafana Mimir 2.7, the following options, metrics, and labels have been remov
 - Ingester: conversion of global limits max-series-per-user, max-series-per-metric, max-metadata-per-user and max-metadata-per-metric into corresponding local limits now takes into account the number of ingesters in each zone. [PR 4238](https://github.com/grafana/mimir/pull/4238)
 - Ingester: track cortex_ingester_memory_series metric consistently with cortex_ingester_memory_series_created_total and cortex_ingester_memory_series_removed_total. [PR 4312](https://github.com/grafana/mimir/pull/4312)
 - Querier: fixed a bug which was incorrectly matching series with regular expression label matchers with begin/end anchors in the middle of the regular expression. [PR 4340](https://github.com/grafana/mimir/pull/4340)
+- Security: updated the Go version to 1.20.3 to fix CVE-2023-24538. [PR 4795](https://github.com/grafana/mimir/pull/4795)
@@ -5,7 +5,7 @@
 
 FROM k8s.gcr.io/kustomize/kustomize:v4.5.5 as kustomize
 FROM alpine/helm:3.11.1 as helm
-FROM golang:1.20.1-bullseye
+FROM golang:1.20.3-bullseye
 ARG goproxyValue
 ENV GOPROXY=${goproxyValue}
 ENV SKOPEO_DEPS="libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config"

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
-FROM grafana/mimirtool:2.7.1
+FROM grafana/mimirtool:2.7.2
 
 COPY entrypoint.sh /entrypoint.sh
 

@@ -472,7 +472,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=distributor
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: distributor
         ports:
@@ -564,7 +564,7 @@ spec:
         env:
         - name: JAEGER_REPORTER_MAX_QUEUE_SIZE
           value: "1024"
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: querier
         ports:
@@ -637,7 +637,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-frontend
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: query-frontend
         ports:
@@ -708,7 +708,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-scheduler
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: query-scheduler
         ports:
@@ -792,7 +792,7 @@ spec:
         - -store-gateway.sharding-ring.store=memberlist
         - -target=ruler
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ruler
         ports:
@@ -884,7 +884,7 @@ spec:
         env:
         - name: JAEGER_REPORTER_MAX_QUEUE_SIZE
           value: "1024"
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ruler-querier
         ports:
@@ -960,7 +960,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-frontend
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ruler-query-frontend
         ports:
@@ -1031,7 +1031,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-scheduler
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ruler-query-scheduler
         ports:
@@ -1099,7 +1099,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: alertmanager
         ports:
@@ -1195,7 +1195,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=compactor
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: compactor
         ports:
@@ -1298,7 +1298,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=ingester
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ingester
         ports:
@@ -1627,7 +1627,7 @@ spec:
         - -store-gateway.sharding-ring.wait-stability-min-duration=1m
         - -target=store-gateway
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: store-gateway
         ports:

@@ -767,7 +767,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=distributor
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: distributor
         ports:
@@ -857,7 +857,7 @@ spec:
         env:
         - name: JAEGER_REPORTER_MAX_QUEUE_SIZE
           value: "1024"
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: querier
         ports:
@@ -929,7 +929,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-frontend
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: query-frontend
         ports:
@@ -1000,7 +1000,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=query-scheduler
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: query-scheduler
         ports:
@@ -1083,7 +1083,7 @@ spec:
         - -store-gateway.sharding-ring.store=consul
         - -target=ruler
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ruler
         ports:
@@ -1158,7 +1158,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: alertmanager
         ports:
@@ -1250,7 +1250,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=compactor
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: compactor
         ports:
@@ -1349,7 +1349,7 @@ spec:
         - -server.http-listen-port=8080
         - -target=ingester
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: ingester
         ports:
@@ -1674,7 +1674,7 @@ spec:
         - -store-gateway.sharding-ring.wait-stability-min-duration=1m
         - -target=store-gateway
         - -usage-stats.installation-mode=jsonnet
-        image: grafana/mimir:2.7.1
+        image: grafana/mimir:2.7.2
         imagePullPolicy: IfNotPresent
         name: store-gateway
         ports: