prepare 6.7.14 release #206

LaunchDarklyReleaseBot · 2022-10-26T19:30:15Z

[6.7.14] - 2022-10-26

This is a security patch release.

Fixed:

Updated Go runtime version in the Docker image to 1.19.2, to address multiple vulnerability reports in Go 1.17.x and 1.18.x. (#205)
Updated Consul API module version as a workaround for a false-positive report of CVE-2022-40716. (#205)
Removed a transitive dependency on AWS SDK v1, which was causing vulnerability reports for CVE-2020-8911 and CVE-2020-8912; in practice, this functionality was never being used by the Relay Proxy. (#204)
Enforce a minimum TLS version of 1.2 when connecting to a secure Redis instance.
In offline mode, added a check to prevent a maliciously crafted archive file from causing file data to be written outside of the directory where the archive is being expanded.
Minor code changes to avoid using the deprecated ioutil package.
CI tests now include Go 1.18 and 1.19.

use latest URL paths for big segments endpoints

…ted in requests (#244)

don't return 503 if SDK initialization has timed out

…ing (#250)

# Conflicts: # .circleci/config.yml # .gitignore # Makefile # internal/core/relayenv/env_context_impl.go

use public prerelease tags instead of private dependencies

update SDK dependencies for JSON number parsing bugfix

(#1) update gorilla/mux to 1.8.0 + improve CORS handling

(#2) update OpenCensus packages

# Conflicts: # go.mod # go.sum

ensure that DynamoDB config is consistent between Big Segments and regular data store

update Alpine to 3.16.2

…rchive

add Go 1.18/1.19 CI, update linter etc.

update to Go 1.19.2

… dependency (#343)

eli-darkly and others added 30 commits April 23, 2021 12:46

Merge pull request #243 from launchdarkly/eb/ch103716/big-segments-urls

ffa433f

use latest URL paths for big segments endpoints

fix broken link in Markdown docs (#246)

9ffad44

make sure newly added credentials for existing environments are accep…

1e8a19f

…ted in requests (#244)

merge from public after release

a527fab

don't return 503 if SDK initialization has timed out

0c15bb5

Merge pull request #247 from launchdarkly/eb/ch107100/timeout-503

c4ae513

don't return 503 if SDK initialization has timed out

add in-repo docs about error/503 behavior (#249)

9bb4109

merge from public after release

7a6f119

[ch102255] BigSegments DynamoDB (#245)

7603406

add init timeout config option + better test coverage + misc refactor…

e84c586

…ing (#250)

Merge branch 'v6' into bigsegments

89454a4

# Conflicts: # .circleci/config.yml # .gitignore # Makefile # internal/core/relayenv/env_context_impl.go

merge from public after release

57b9591

fix example build command

3a27d60

use public prerelease tags instead of private dependencies

8120f6e

fix Go installation in CI

29c18f1

Merge pull request #251 from launchdarkly/eb/ch102252/no-private-deps

ffaf624

use public prerelease tags instead of private dependencies

update SDK dependencies for JSON number parsing bugfix

3298fee

Merge pull request #252 from launchdarkly/eb/ch110425/json-number-bug

fd3ff51

update SDK dependencies for JSON number parsing bugfix

merge from public after release

ccb6d47

update gorilla/mux to 1.8.0

608d4fa

update OpenCensus packages

d21b6fd

Merge pull request #253 from launchdarkly/eb/ch110776/mux-update

c486ae5

(#1) update gorilla/mux to 1.8.0 + improve CORS handling

Merge pull request #254 from launchdarkly/eb/ch110760/opencensus-update

39289bd

(#2) update OpenCensus packages

merge from public after release

8eadb76

Merge branch 'v6' into bigsegments

0374361

# Conflicts: # go.mod # go.sum

add Go 1.16 CI + "latest Go" CI + use latest 1.15 patch for release

efc4439

cimg images use "current", not "latest"

b74ea3e

seems there isn't any cimg/go "latest" or "current"

dad733b

add daily package build test in CI

f8915c6

job names

0111170

eli-darkly and others added 25 commits July 27, 2022 17:46

comment

0e8f96e

Merge pull request #330 from launchdarkly/eb/sc-162022/ddb-config

3f4f758

ensure that DynamoDB config is consistent between Big Segments and regular data store

merge from public after release

8131997

update Alpine to 3.16.2

c7092ff

Merge pull request #331 from launchdarkly/eb/sc-164451/alpine-update

37605e6

update Alpine to 3.16.2

merge from public after release

946e2bc

update golangci-lint and go-junit-report

04a7df2

fix CI

a778093

prevent traversal of directories outside target path when expanding a…

a791c0a

…rchive

enforce TLS >= 1.2 for secure Redis

4ac1dab

misc linter updates

6817e52

fix test message

51bb26c

add Go 1.18 & 1.19 jobs

601e8d3

make test expectation less Go-version-dependent

851376b

linting

0a6c25e

revert unnecessary change

6cdf345

fix installation of test coverage tool

4738bac

Merge pull request #334 from launchdarkly/eb/sc-168010/go-tools-update

92638bf

add Go 1.18/1.19 CI, update linter etc.

migrate to AWS Go SDK v2 for DynamoDB (#333)

92e5f0b

update to Go 1.19.2

d735b0c

update golang.org/x/net for CVE-2022-27664

107b8ea

update golang.org/x/text for CVE-2022-32149

d2ccc31

update Consul API dependency to avoid false report of CVE-2022-40716

e8e8527

Merge pull request #342 from launchdarkly/eb/sc-174350/go-version-update

40a19b2

update to Go 1.19.2

switch to fork of Stackdriver metrics client to remove AWS transitive…

7d659a6

… dependency (#343)

eli-darkly requested review from cwaldren-ld and louis-launchdarkly October 26, 2022 19:30

louis-launchdarkly approved these changes Oct 26, 2022

View reviewed changes

LaunchDarklyReleaseBot merged commit 51a2b13 into v6 Oct 26, 2022

LaunchDarklyReleaseBot deleted the release-6.7.14 branch October 26, 2022 20:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

prepare 6.7.14 release #206

prepare 6.7.14 release #206

LaunchDarklyReleaseBot commented Oct 26, 2022

prepare 6.7.14 release #206

prepare 6.7.14 release #206

Conversation

LaunchDarklyReleaseBot commented Oct 26, 2022

[6.7.14] - 2022-10-26

Fixed: