Robert Burke created BEAM-14456:
-----------------------------------
Summary: Use Go 1.18.2 to build 2.39 Container Bootloaders
Key: BEAM-14456
URL: https://issues.apache.org/jira/browse/BEAM-14456
Project: Beam
Issue Type: Bug
Components: sdk-go, sdk-java-core, sdk-py-core
Affects Versions: 2.39.0
Reporter: Robert Burke
It's been noted that by using older Go releases to compile Go containers we run
the risk of the bootloaders using vulnerable versions.
This issue is to close the gap for 2.39, while a separate one is to document
the policy of keeping the release artifacts built with the latest Go version.
While it's unlikely to be an attack vector, it's prudent that we keep these
gaps as closed as we're able.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
