[
https://issues.apache.org/jira/browse/BEAM-14456?focusedWorklogId=768725&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-768725
]
ASF GitHub Bot logged work on BEAM-14456:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 10/May/22 21:16
Start Date: 10/May/22 21:16
Worklog Time Spent: 10m
Work Description: lostluck commented on PR #17606:
URL: https://github.com/apache/beam/pull/17606#issuecomment-1122872614
R: @y1chi
Issue Time Tracking
-------------------
Worklog Id: (was: 768725)
Time Spent: 20m (was: 10m)
> Use Go 1.18.2 to build 2.39 Container Bootloaders
> --------------------------------------------------
>
> Key: BEAM-14456
> URL: https://issues.apache.org/jira/browse/BEAM-14456
> Project: Beam
> Issue Type: Bug
> Components: sdk-go, sdk-java-core, sdk-py-core
> Affects Versions: 2.39.0
> Reporter: Robert Burke
> Assignee: Robert Burke
> Priority: P2
> Time Spent: 20m
> Remaining Estimate: 0h
>
> It's been noted that by using older Go releases to compile Go containers we
> run the risk of the bootloaders using vulnerable versions.
> This issue is to close the gap for 2.39, while a separate one is to document
> the policy of keeping the release artifacts built with the latest Go version.
> While it's unlikely to be an attack vector, it's prudent that we keep these
> gaps as closed as we're able.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
