From 84a58b2a147fef5a0d27090819ce25cfb42ce5fa Mon Sep 17 00:00:00 2001 From: skpratt Date: Wed, 1 Nov 2023 11:56:07 -0500 Subject: [PATCH] Stage release 1.2.3 --- CHANGELOG.md | 18 ++++++++++++++++++ pkg/version/version.go | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26f63c20..80a5b949 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +## 1.2.3 (November 1, 2023) + +SECURITY: + +* Update Envoy version to 1.26.6 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-313](https://github.com/hashicorp/consul-dataplane/pull/313)] +* Upgrade `google.golang.org/grpc` to 1.56.3. + This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-323](https://github.com/hashicorp/consul-dataplane/pull/323)] +* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. + This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) + / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-299](https://github.com/hashicorp/consul-dataplane/pull/299)] +* Upgrade to use Go 1.20.8. This resolves CVEs + [CVE-2023-39320](https://github.com/advisories/GHSA-rxv8-v965-v333) (`cmd/go`), + [CVE-2023-39318](https://github.com/advisories/GHSA-vq7j-gx56-rxjh) (`html/template`), + [CVE-2023-39319](https://github.com/advisories/GHSA-vv9m-32rr-3g55) (`html/template`), + [CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and + [CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] + + ## 1.2.2 (September 5, 2023) SECURITY: diff --git a/pkg/version/version.go b/pkg/version/version.go index ca3e80c4..48229f59 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go @@ -22,7 +22,7 @@ var ( // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release // such as "dev" (in development), "beta", "rc1", etc. - VersionPrerelease = "dev" + VersionPrerelease = "" ) // GetHumanVersion composes the parts of the version in a way that's suitable