ELSA-2022-8057: grafana security, bug fix, and enhancement update (IMPORTANT)

ELSA-2022-7519: grafana security, bug fix, and enhancement update (MODERATE)

ELSA-2022-24267: ol8addon security update (IMPORTANT)

Moderate: git-lfs security and bug fix update

ELSA-2022-7129: git-lfs security and bug fix update (MODERATE)

ELSA-2023-2357: git-lfs security and bug fix update (MODERATE)

Security update for go1.18-openssl

ELSA-2024-2180: runc security update (MODERATE)

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Improper sanitization of Transfer-Encoding headers in net/http

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ...

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

Stack exhaustion in Glob on certain paths in io/fs

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ...

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.