This repository has been archived by the owner on Apr 22, 2024. It is now read-only.
This version is focused on security fixes and CVE patches. It bumps all dependencies to fix several CVEs, notably:
- Upgrades Go to 1.21.8 to fix the following CVEs:
- Upgrades google.golang.org/protobuf to v1.33.0 and github.com/golang/protobuf to v1.5.4 to fix the following CVEs:
It also adds several improvements to the Docker images, such as properly setting the metadata in the multi-arch images and configuring them to run as a non-root user.
Starting from v1.0.2, all the pull requests and commits to the main and release branches will be scanned for vulnerabilities, and CVEs will be detected much earlier.
What's Changed
- FIPS enabled message using the logging framework by @nacx in #77
- Upgrade Go and protobuf to fix several CVEs by @nacx in #78
- Upgrade to latest JWX v2 by @nacx in #80
- Properly set metadata in multi-arch images by @nacx in #81
- Bump dependencies and configure a nonroot user by @nacx in #82
Full Changelog: v1.0.1...v1.0.2