Security Concern: Update golang version to 1.18.6 or 1.19.1 #9569

Closed
opened 2025-11-02 08:43:13 -06:00 by GiteaMirror · 2 comments
Owner

Originally created by @Bruc3Stark on GitHub (Sep 14, 2022).

Feature Description

Hello, we are now using gitea v1.16.8 with golang v1.18.2. However, according to https://nvd.nist.gov/vuln/detail/CVE-2022-32190 , we wonder if this golang security vulnerability would cause unknown issues. So we suggest updating the golang version to v1.18.6 or v1.19.1.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-32190
https://github.com/golang/go/issues/54385
https://groups.google.com/g/golang-announce/c/x49AQzIVX-s

Screenshots

No response

Originally created by @Bruc3Stark on GitHub (Sep 14, 2022). ### Feature Description Hello, we are now using gitea v1.16.8 with golang v1.18.2. However, according to https://nvd.nist.gov/vuln/detail/CVE-2022-32190 , we wonder if this golang security vulnerability would cause unknown issues. So we suggest updating the golang version to v1.18.6 or v1.19.1. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-32190 https://github.com/golang/go/issues/54385 https://groups.google.com/g/golang-announce/c/x49AQzIVX-s ### Screenshots _No response_
Author
Owner

@techknowlogick commented on GitHub (Sep 14, 2022):

  1. Please don't open security reports in the public issue trackers. You have already sent this to the security email which is the correct process.
  2. You are running an out of date version of Gitea, we have updated to building with the latest golang version within an hour of it being released.
@techknowlogick commented on GitHub (Sep 14, 2022): 1. Please don't open security reports in the public issue trackers. You have already sent this to the security email which is the correct process. 2. You are running an out of date version of Gitea, we have updated to building with the latest golang version within an hour of it being released.
Author
Owner

@Bruc3Stark commented on GitHub (Sep 14, 2022):

OK, sorry for the inappropriate behavior.

@Bruc3Stark commented on GitHub (Sep 14, 2022): > OK, sorry for the inappropriate behavior.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#9569