[
https://issues.apache.org/jira/browse/BEAM-14456?focusedWorklogId=769203&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-769203
]
ASF GitHub Bot logged work on BEAM-14456:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 11/May/22 17:11
Start Date: 11/May/22 17:11
Worklog Time Spent: 10m
Work Description: y1chi merged PR #17606:
URL: https://github.com/apache/beam/pull/17606
Issue Time Tracking
-------------------
Worklog Id: (was: 769203)
Time Spent: 1.5h (was: 1h 20m)
> Use Go 1.18.2 to build 2.39 Container Bootloaders
> --------------------------------------------------
>
> Key: BEAM-14456
> URL: https://issues.apache.org/jira/browse/BEAM-14456
> Project: Beam
> Issue Type: Bug
> Components: sdk-go, sdk-java-core, sdk-py-core
> Affects Versions: 2.39.0
> Reporter: Robert Burke
> Assignee: Robert Burke
> Priority: P2
> Fix For: 2.39.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> It's been noted that by using older Go releases to compile Go containers we
> run the risk of the bootloaders using vulnerable versions.
> This issue is to close the gap for 2.39, while a separate one is to document
> the policy of keeping the release artifacts built with the latest Go version.
> While it's unlikely to be an attack vector, it's prudent that we keep these
> gaps as closed as we're able.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
