[
https://issues.apache.org/jira/browse/BEAM-14456?focusedWorklogId=769161&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-769161
]
ASF GitHub Bot logged work on BEAM-14456:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 11/May/22 15:54
Start Date: 11/May/22 15:54
Worklog Time Spent: 10m
Work Description: lostluck commented on PR #17606:
URL: https://github.com/apache/beam/pull/17606#issuecomment-1123957809
I'll note that none of Kotlin Examples, PythonDocs, or CommunityMetrics
would fail from this change given that everything else that uses the containers
(see practically every other suite), is passing.
Issue Time Tracking
-------------------
Worklog Id: (was: 769161)
Time Spent: 1h 20m (was: 1h 10m)
> Use Go 1.18.2 to build 2.39 Container Bootloaders
> --------------------------------------------------
>
> Key: BEAM-14456
> URL: https://issues.apache.org/jira/browse/BEAM-14456
> Project: Beam
> Issue Type: Bug
> Components: sdk-go, sdk-java-core, sdk-py-core
> Affects Versions: 2.39.0
> Reporter: Robert Burke
> Assignee: Robert Burke
> Priority: P2
> Fix For: 2.39.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> It's been noted that by using older Go releases to compile Go containers we
> run the risk of the bootloaders using vulnerable versions.
> This issue is to close the gap for 2.39, while a separate one is to document
> the policy of keeping the release artifacts built with the latest Go version.
> While it's unlikely to be an attack vector, it's prudent that we keep these
> gaps as closed as we're able.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
