bump docker/distribution to v2.8.1 #276

Merged: 1 commit, Aug 19, 2022

mihaibuzgau

Bump docker/distribution to address CWE-843

Signed-off-by: mihaibuzgau <mihaibuzgau@gmail.com>
@shizhMSFT added the "v1 Things belongs to version 1.x" label Aug 19, 2022
Contributor

@shizhMSFT left a comment

LGTM

@shizhMSFT merged commit 3b21210 into oras-project:v1 Aug 19, 2022
@mihaibuzgau
Author

Thanks @shizhMSFT for merging this!

Are you still planning to release v1? If so, when can we get a new tag?

@shizhMSFT
Contributor

@FeynmanZhou Could you help with the next release of v1?

@FeynmanZhou
Member

FeynmanZhou commented Aug 23, 2022

Hi @mihaibuzgau,

Thanks for contributing to ORAS-go. Considering ORAS-go v2 is still experimental, ORAS-go v1 will be maintained by the ORAS community until ORAS v2 GA. Currently, ORAS-go v1 is not under active development, thus the ORAS community will only publish new releases to include necessary fixes at a low rate.

This CWE-843 fix is significant and it only exists in v1. ORAS v2 has no dependency on docker/distribution. We can prepare a new release for v1 to include this fix.

As ORAS-go v1 was released quarterly and the latest release was Jun 15, do you accept planning the next release of v1 in mid-Sep?

@mihaibuzgau
Author

Sounds good. Thanks @FeynmanZhou and @shizhMSFT!


3 participants