Recent CVE for Golang dropped in a patch release today for the 1.20 and 1.21 versions:
Task here is to hotfix bump the dev-lang/go versions in tree to 1.21.3 and 1.20.10 to pick up these changes:
- go1.21.3 (released 2023-10-10) includes a security fix to the net/http package. See the Go 1.21.3 milestone on our issue tracker for details.
- go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. See the Go 1.20.10 milestone on our issue tracker for details.