From be3825f1ff2e5840b98099ae18287c03a85c0a02 Mon Sep 17 00:00:00 2001 From: Narthana Epa Date: Fri, 14 Oct 2022 18:25:11 +1100 Subject: [PATCH 1/3] Bump version and CHANGELOG for 3.39.1 --- CHANGELOG.md | 6 ++++++ agent/version.go | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 979aad2dbe..cee3413b64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [v3.39.1](https://github.com/buildkite/agent/tree/v3.39.1) (2022-10-14) +[Full Changelog](https://github.com/buildkite/agent/compare/v3.39.0...v3.39.1) + +### Security +- Replace use of export -p with a dedicated agent command for printing environment [#1781](https://github.com/buildkite/agent/pull/1781) (@moskyb) + ## [v3.39.0](https://github.com/buildkite/agent/tree/v3.39.0) (2022-09-08) [Full Changelog](https://github.com/buildkite/agent/compare/v3.38.0...v3.39.0) diff --git a/agent/version.go b/agent/version.go index 704d90d4ea..a0fef555c8 100644 --- a/agent/version.go +++ b/agent/version.go @@ -10,7 +10,11 @@ import "runtime" // // Pre-release builds' versions must be in the format `x.y-beta`, `x.y-beta.z` or `x.y-beta.z.a` -var baseVersion string = "3.39.0" +var baseVersion string = "3.39.1" + +// This comment is needed to prevent formatters from combining this `var` with the one above +// a step in the pipeline parses this file (as text) for lines of the form `var baseVersion string = ` +// See .builkite/steps/extract-base-version-metadata.sh:4 var buildVersion string = "" func Version() string { From 3e6ce9ba64a09f0351082611163e4399b8aec5be Mon Sep 17 00:00:00 2001 From: Narthana Epa Date: Fri, 14 Oct 2022 18:49:09 +1100 Subject: [PATCH 2/3] Update CHANGELOG.md Co-authored-by: Ben Moskovitz --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cee3413b64..5221fcbd5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. [Full Changelog](https://github.com/buildkite/agent/compare/v3.39.0...v3.39.1) ### Security -- Replace use of export -p with a dedicated agent command for printing environment [#1781](https://github.com/buildkite/agent/pull/1781) (@moskyb) +- Fix security issue where in certain situations, agents using bash v5.2 could have some environment variables leak to job logs. See the [issue](https://github.com/buildkite/agent/issues/1780) and [our security advisory](https://buildkite.com/changelog/167-security-advisory-for-buildkite-agent-and-bash-5-dot-2) for more information. [#1781](https://github.com/buildkite/agent/pull/1781) (@moskyb) ## [v3.39.0](https://github.com/buildkite/agent/tree/v3.39.0) (2022-09-08) [Full Changelog](https://github.com/buildkite/agent/compare/v3.38.0...v3.39.0) From 3e323561f68ec831d18bdd4524fc8b3b0b960912 Mon Sep 17 00:00:00 2001 From: Narthana Epa Date: Fri, 14 Oct 2022 18:51:20 +1100 Subject: [PATCH 3/3] Add more credits --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5221fcbd5e..394f70c69e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. [Full Changelog](https://github.com/buildkite/agent/compare/v3.39.0...v3.39.1) ### Security -- Fix security issue where in certain situations, agents using bash v5.2 could have some environment variables leak to job logs. See the [issue](https://github.com/buildkite/agent/issues/1780) and [our security advisory](https://buildkite.com/changelog/167-security-advisory-for-buildkite-agent-and-bash-5-dot-2) for more information. [#1781](https://github.com/buildkite/agent/pull/1781) (@moskyb) +- Fix security issue where in certain situations, agents using bash v5.2 could have some environment variables leak to job logs. See the [issue](https://github.com/buildkite/agent/issues/1780) and [our security advisory](https://buildkite.com/changelog/167-security-advisory-for-buildkite-agent-and-bash-5-dot-2) for more information. [#1781](https://github.com/buildkite/agent/pull/1781) (@moskyb + @triarius + @pda) ## [v3.39.0](https://github.com/buildkite/agent/tree/v3.39.0) (2022-09-08) [Full Changelog](https://github.com/buildkite/agent/compare/v3.38.0...v3.39.0)