go1.22 release tracking VUL-0: CVE-2024-45341: go1.22,go1.23: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints VUL-0: CVE-2024-45336: go1.22,go1.23: net/http: sensitive headers incorrectly sent after cross-domain redirect jfkw moderate security

Security update for go1.22

This update for go1.22 fixes the following issues: - go1.22.11 (released 2025-01-16) includes security fixes to the crypto/x509 and net/http packages, as well as bug fixes to the runtime. Refs bsc#1218424 go1.22 release tracking CVE-2024-45341 CVE-2024-45336 * go#71207 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints * go#71210 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect * go#71103 crypto/tls: TestVerifyConnection/TLSv12 failures * go#71146 internal/trace: TestTraceCPUProfile/Stress failures - Enable loongarch64 builds - go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall package. Refs bsc#1218424 go1.22 release tracking * go#70201 syscall: SyscallN always escapes the variadic argument * go#70238 time: TestLoadFixed failures * go#70474 sync/atomic: TestNilDeref flaky failure on windows-386 with runtime fatal error - go1.22.9 (released 2024-11-06) includes fixes to the linker. Refs bsc#1218424 go1.22 release tracking * go#69745 runtime: TestGdbAutotmpTypes failures * go#69991 cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15 * go#70124 cmd/cgo/internal/testcarchive: TestManyCalls failures - go1.22.8 (released 2024-10-01) includes fixes to cgo, and the maps and syscall packages. Refs bsc#1218424 go1.22 release tracking * go#69155 maps: segmentation violation in maps.Clone * go#69218 cmd/cgo: alignment issue with int128 inside of a struct * go#69366 syscall: TestAmbientCapsUserns fails on Ubuntu 24.04/Linux 6.8.0 go1.22