From 4565f5fbc91762f9ca90939dd178062fc391e31f Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Wed, 6 Mar 2024 18:19:37 +0800 Subject: [PATCH] [RELEASE] v1.21.7-0 release notes (cosmetic changes) --- RELEASE-NOTES.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 480cf5d4da..4e87078811 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -13,10 +13,7 @@ $ git clone https://codeberg.org/forgejo/forgejo/ $ git -C forgejo log --oneline --no-merges v1.21.6-0..v1.21.7-0 ``` -This stable release contains bug fixes and a **security fix**. It was built with Go v1.21.8 which [includes vulnerability fixes](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg). - -* [CVE-2023-45290](https://go.dev/issue/65383) which could lead to memory exhaustion when parsing a multipart form. -* [CVE-2023-45289](https://go.dev/issue/65065) which could allow incorrect forwarding of sensitive headers and cookies on HTTP redirect. +This stable release contains bug fixes and a **security fix**. * Recommended Action @@ -26,6 +23,13 @@ This stable release contains bug fixes and a **security fix**. It was built with The semantic version was updated to `6.0.7+0-gitea-1.21.7` +* Built with Go 1.21.8 + + It [includes vulnerability fixes](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg). + + * [CVE-2023-45290](https://go.dev/issue/65383) which could lead to memory exhaustion when parsing a multipart form. + * [CVE-2023-45289](https://go.dev/issue/65065) which could allow incorrect forwarding of sensitive headers and cookies on HTTP redirect. + * Security fix * The google.golang.org/protobuf module was bumped to version v1.33.0 to fix a bug in the google.golang.org/protobuf/encoding/protojson package which could cause the Unmarshal function to enter an infinite loop when handling some invalid inputs. [Read more in the announcement](https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY).