From 635afee376f0057a8b12dcf55703c7d88b1953f7 Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Tue, 10 Oct 2023 16:37:24 -0400
Subject: [PATCH] build: bump to go 1.21.3 (#18717)

Go 1.21.3 fixes an important HTTP2 CVE (see CVE-2023-39325 and
CVE-2023-44487). Nomad does not use HTTP2 and is not vulnerable. However we
should pick up the toolchain bump if for no other reason than we don't have to
answer questions about that.
---
 .changelog/18717.txt             | 3 +++
 .go-version                      | 2 +-
 contributing/README.md           | 2 +-
 scripts/linux-priv-go.sh         | 2 +-
 scripts/release/mac-remote-build | 2 +-
 5 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 .changelog/18717.txt

diff --git a/.changelog/18717.txt b/.changelog/18717.txt
new file mode 100644
index 000000000000..9a775a95f198
--- /dev/null
+++ b/.changelog/18717.txt
@@ -0,0 +1,3 @@
+```release-note:security
+build: Update to Go 1.21.3
+```
diff --git a/.go-version b/.go-version
index 3500250a4b05..bae5c7f667c9 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.21.0
+1.21.3
diff --git a/contributing/README.md b/contributing/README.md
index dd43d907cc53..981516378a61 100644
--- a/contributing/README.md
+++ b/contributing/README.md
@@ -30,7 +30,7 @@ A development environment is supplied via Vagrant to make getting started easier
 
 Developing without Vagrant
 ---
-1. Install [Go 1.21.0+](https://golang.org/) *(Note: `gcc-go` is not supported)*
+1. Install [Go 1.21.3+](https://golang.org/) *(Note: `gcc-go` is not supported)*
 1. Clone this repo
    ```sh
    $ git clone https://github.com/hashicorp/nomad.git
diff --git a/scripts/linux-priv-go.sh b/scripts/linux-priv-go.sh
index ae18fd852b70..9a5f76f86d3b 100755
--- a/scripts/linux-priv-go.sh
+++ b/scripts/linux-priv-go.sh
@@ -21,7 +21,7 @@ case $(arch) in
 esac
 
 function install_go() {
-	local go_version="1.21.0"
+	local go_version="1.21.3"
 	local download="https://storage.googleapis.com/golang/go${go_version}.linux-${ARCH}.tar.gz"
 
 	if go version 2>&1 | grep -q "${go_version}"; then
diff --git a/scripts/release/mac-remote-build b/scripts/release/mac-remote-build
index f738a5dc8a4a..39177e87516e 100755
--- a/scripts/release/mac-remote-build
+++ b/scripts/release/mac-remote-build
@@ -56,7 +56,7 @@ REPO_PATH="${TMP_WORKSPACE}/gopath/src/github.com/hashicorp/nomad"
 mkdir -p "${TMP_WORKSPACE}/tmp"
 
 install_go() {
-  local go_version="1.21.0"
+  local go_version="1.21.3"
   local download=
 
   download="https://storage.googleapis.com/golang/go${go_version}.darwin-amd64.tar.gz"