gravitational/gravity

Tracking: golang CVE CVE-2021-44716 / CVE-2021-44717

knisbet opened this issue · 2 comments

Gravity web server is likely vulnerable to the H2 vulnerability in this morning's golang announcement. Tracking bump of the golang release:

Golang announcement: https://groups.google.com/g/golang-announce/c/hcmEScgc00k

Updated to Go 1.17.5 in master branch #2694. Does this need to be backported to older versions?

Yea, it should be backported to each LTS release in use by enterprise customers. So 8, 7, 5.