Release 2.12.6

tarantool · Jul 12, 2023 · ec191fe · ec191fe
1 parent 7e8b174
commit ec191fe
Showing 1 changed file with 47 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,53 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [2.12.6] - 2023-07-12
+
+### Fixed
+
+- `cartridge enter` now does not crash on `\q` input.
+
+### Changed
+
+- Updated the go version used to build the binary, that fixes known security issues.
+  List of List of known issues:
+
+  +-------------------+---------------------------------------+----------------+
+  |        CVE        |         Infected Version              |  Fix Version   |
+  +-------------------+---------------------------------------+----------------+
+  | CVE-2023-24538    | < 1.19.8,1.20.0-0 ≤ Ver < 1.20.3      | 1.19.8,1.20.3  |
+  | CVE-2023-24540    | < 1.19.9,1.20.0-0 ≤ Ver < 1.20.4      | 1.19.9,1.20.4  |
+  | CVE-2022-30635    | < 1.17.12,1.18.0-0 ≤ Ver < 1.18.4     | 1.17.12,1.18.4 |
+  | CVE-2022-28131    | < 1.17.12,1.18.0 ≤ Ver < 1.18.4       | 1.17.12,1.18.4 |
+  | CVE-2022-30580    | < 1.17.11,1.18.0-0 ≤ Ver < 1.18.3     | 1.17.11,1.18.3 |
+  | CVE-2023-24534    | < 1.19.8,1.20.0-0 ≤ Ver < 1.20.3      | 1.19.8,1.20.3  |
+  | CVE-2022-41724    | < 1.19.6,1.20.0-0 ≤ Ver < 1.20.1      | 1.19.6,1.20.1  |
+  | CVE-2022-30633    | < 1.17.12,1.18.0-0 ≤ Ver < 1.18.4     | 1.17.12,1.18.4 |
+  | CVE-2022-30630    | < 1.17.12,1.18.0-0 ≤ Ver < 1.18.4     | 1.17.12,1.18.4 |
+  | CVE-2022-29804    | < 1.17.11,1.18.0 ≤ Ver < 1.18.3       | 1.17.11,1.18.3 |
+  | CVE-2023-24539    | < 1.19.9,1.20.0-0 ≤ Ver < 1.20.4      | 1.19.9,1.20.4  |
+  | CVE-2022-41725    | < 1.19.6,1.20.0-0 ≤ Ver < 1.20.1      | 1.19.6,1.20.1  |
+  | CVE-2023-29400    | < 1.19.9,1.20.0-0 ≤ Ver < 1.20.4      | 1.19.9,1.20.4  |
+  | CVE-2022-41722    | < 1.19.6,1.20.0-0 ≤ Ver < 1.20.1      | 1.19.6,1.20.1  |
+  | CVE-2022-32189    | < 1.17.13,1.18.0-0 ≤ Ver < 1.18.5     | 1.17.13,1.18.5 |
+  | CVE-2022-2880     | < 1.18.7,1.19.0-0 ≤ Ver < 1.19.2      | 1.18.7,1.19.2  |
+  | CVE-2022-30631    | < 1.17.12,1.18.0 ≤ Ver < 1.18.4       | 1.17.12,1.18.4 |
+  | CVE-2022-41716    | < 1.18.8,1.19.0-0 ≤ Ver < 1.19.3      | 1.18.8,1.19.3  |
+  | CVE-2022-2879     | < 1.18.7,1.19.0-0 ≤ Ver < 1.19.2      | 1.18.7,1.19.2  |
+  | CVE-2022-41715    | < 1.18.7,1.19.0-0 ≤ Ver < 1.19.2      | 1.18.7,1.19.2  |
+  | CVE-2023-24536    | < 1.19.8,1.20.0-0 ≤ Ver < 1.20.3      | 1.19.8,1.20.3  |
+  | CVE-2022-30634    | < 1.17.11,1.18.0-0 ≤ Ver < 1.18.3     | 1.17.11,1.18.3 |
+  | CVE-2022-30632    | < 1.17.12,1.18.0 ≤ Ver < 1.18.4       | 1.17.12,1.18.4 |
+  | CVE-2022-41720    | < 1.18.9,1.19.0-0 ≤ Ver < 1.19.4      | 1.18.9,1.19.4  |
+  | CVE-2023-24537    | < 1.19.8,1.20.0-0 ≤ Ver < 1.20.3      | 1.19.8,1.20.3  |
+  | CVE-2022-32148    | < 1.17.12,1.18.0-0 ≤ Ver < 1.18.4     | 1.17.12,1.18.4 |
+  | CVE-2023-24532    | < 1.19.7,1.20.0-0 ≤ Ver < 1.20.2      | 1.19.7,1.20.2  |
+  | CVE-2022-1705     | < 1.17.12,1.18.0-0 ≤ Ver < 1.18.4     | 1.17.12,1.18.4 |
+  | CVE-2022-1962     | < 1.17.12,1.18.0 ≤ Ver < 1.18.4       | 1.17.12,1.18.4 |
+  | CVE-2022-30636    | ≤ 1.18.3                              | 1.18.4         |
+  | CVE-2022-30629    | < 1.17.11,1.18.0-0 ≤ Ver < 1.18.3     | 1.17.11,1.18.3 |
+  +-------------------+---------------------------------------+----------------+
+
 ## [2.12.5] - 2023-04-25
 
 ### Changed
@@ -16,7 +63,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 
 - Fixed support for instance names as application name and names with dots.
-- `cartridge enter` now does not crash on `\q` input.
 
 ## [2.12.4] - 2022-12-31