JoinPath and URL.JoinPath would not remove ../ path components appended to a relative path. For example, JoinPath("https://go.dev", "../go") returned the URL https://go.dev/../go, despite the JoinPath documentation stating that ../ path elements are cleaned from the result. References: https://go.dev/issue/54385 https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ Upstream Commits: Master : https://github.com/golang/go/commit/0765da5884adcc8b744979303a36a27092d8fc51 Branch.go1.19 : https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec
Created golang tracking bugs for this issue: Affects: epel-all [bug 2126657] Affects: fedora-all [bug 2126658]
This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2022:8634 https://access.redhat.com/errata/RHSA-2022:8634
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32190
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399
This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
This issue has been addressed in the following products: RHEL-9-CNV-4.13 RHEL-7-CNV-4.13 RHEL-8-CNV-4.13 Via RHSA-2023:3204 https://access.redhat.com/errata/RHSA-2023:3204
This issue has been addressed in the following products: RHEL-9-CNV-4.13 Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205
This issue has been addressed in the following products: OSSO-1.1-RHEL-8 Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584
This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:0485 https://access.redhat.com/errata/RHSA-2024:0485