STOR-2926: Rebase to v10.32.4 for OCP 4.23/5.0 by RomanBednar · Pull Request #31 · openshift/azure-storage-azcopy

RomanBednar · 2026-06-15T12:44:02Z

Upstream changelogs

Summary of changes

v10.32.3 (#3422)

Security fix: Fixed a vulnerability where a maliciously crafted SDDL could crash AzCopy on Linux (MSRC case #110341) (3c3aec83)
CVE-2026-33186: Updated packages to address CVE-2026-33186 (2ee49b77)
Altered intentional panics to return errors instead for better error handling (cf82e2e0)
Dependency updates for x/crypto, x/sync, x/sys, x/net, x/text, grpc

v10.32.4 (#3457)

CVE fixes: Addressed additional open CVEs (e61ec946)
Updated OpenTelemetry SDK (c3a3c0ad)
Removed 32-bit Windows ARM7 build target (c654478a)

Carried commits

Sha	Message	Decision
`0b16408`	UPSTREAM: <carry>: Add OpenShift files	cherry-pick (squashed with ART consistency commit)

Dropped commits

Sha	Message	Reason
`7bec157`	UPSTREAM: <carry>: ART consistency for 5.0	Squashed into Add OpenShift files

Diff to upstream: Azure/azure-storage-azcopy@v10.32.4...RomanBednar:azure-storage-azcopy:rebase-v10.32.4

Previous rebase: #28

cc @openshift/storage

Broken in Golang, removed in next major revision anyway.

Additional changes: - remove .github directory - remove .config dir - modify .gitignore to ignore executable files - add .snyk file - add vendor directory - go mod tidy && go mod vendor - update .ci-operator.yaml and Dockerfile for ART 5.0 consistency

openshift-ci-robot · 2026-06-15T12:44:07Z

@RomanBednar: This pull request references STOR-2926 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target only the "5.0.0" version, but multiple target versions were set.

Details

In response to this:

Upstream changelogs

v10.32.3

v10.32.4

Summary of changes

v10.32.3

Security fix: Fixed a vulnerability where a maliciously crafted SDDL could crash AzCopy on Linux (MSRC case #110341)

Altered intentional panics to return errors instead for better error handling

Dependency updates for x/crypto, x/sync, x/sys, x/net, x/text, grpc

v10.32.4

CVE fixes: Addressed additional open CVEs

Updated OpenTelemetry SDK

Removed 32-bit Windows ARM7 build target

Carried commits

Sha Message Decision

0b16408 UPSTREAM: : Add OpenShift files cherry-pick

7bec157 UPSTREAM: : Updating ose-azure-storage-azcopy-base-container image to be consistent with ART for 5.0 squash (into carry commit)

Diff to upstream: Azure/azure-storage-azcopy@v10.32.4...RomanBednar:azure-storage-azcopy:rebase-v10.32.4

Previous rebase: #28

cc @openshift/storage

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-06-15T12:44:52Z

Walkthrough

This PR fixes a Linux crash caused by maliciously crafted SDDL by introducing an overflow-safe isRangeValid helper in sddl/sddlHelper_linux.go, converting two panics to errors in GetSDDL, and adding regression tests. Separately, it bumps AzcopyVersion to 10.32.4, upgrades Go to 1.26.3 with dependency updates, and removes the Windows ARMv7 (GOARCH=arm GOARM=7) build artifact from all pipeline files.

Changes

Linux SDDL Crash Fix (Vulnerability)

Layer / File(s)	Summary
`isRangeValid` helper and bounds check rewrites `sddl/sddlHelper_linux.go`	Adds `math` import and a new `isRangeValid(offset, length, descriptorLength)` overflow-safe helper; replaces direct `offset+size > len(sd)` checks for DACL/SACL/Owner/Group in `sdRelativeIsValid` and the dacloffset/ACE range checks in `getDaclString` with calls to `isRangeValid`; adjusts related comments.
GetSDDL panic-to-error conversion `ste/sourceInfoProvider-Local_linux.go`	Adds `errors` import; converts two `panic` call sites in `GetSDDL` to returning wrapped or new errors on descriptor conversion failure and SDDL sanity-check mismatch.
Regression tests for malicious SDDL input `sddl/sddlHelper_linux_test.go`	Adds Linux-only `TestMaliciousRelativeSDDLCrashPrevented` that constructs `SECURITY_DESCRIPTOR_RELATIVE` with `math.MaxUint32` out-of-bounds offsets, calls `sdRelativeIsValid` and `getDaclString` under `recover` wrappers, and asserts no panic plus expected error message content.

Release Housekeeping

Layer / File(s)	Summary
Version bump and dependency updates `common/version.go`, `go.mod`, `ChangeLog.md`	Bumps `AzcopyVersion` to `10.32.4`; upgrades Go toolchain to 1.26.3 and multiple indirect dependencies (`golang.org/x/`, OpenTelemetry, gRPC, `google.golang.org/`) in `go.mod`; adds Version 10.32.3 changelog entry covering dependency and vulnerability fix notes.
Remove Windows ARMv7 build artifact `azure-pipelines.yml`, `azurePipelineTemplates/build_windows.yml`, `build-1es-pipeline.yaml`	Removes the `GOARCH=arm GOARM=7` build step for `azcopy_windows_v7_arm.exe` from the main pipeline and Windows build template; removes the legacy executable deletion command from the `SignArtifacts` artifact staging script.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly references the pull request's main objective: rebasing to v10.32.4 for OpenShift Container Platform 4.23/5.0, which aligns with the changeset containing version bumps and dependency updates.
Docstring Coverage	✅ Passed	Docstring coverage is 85.71% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This repository does not use Ginkgo testing framework. No Ginkgo test definitions (It, Describe, Context, When) found. Check does not apply.
Test Structure And Quality	✅ Passed	The added test file uses standard Go testing (func TestMaliciousRelativeSDDLCrashPrevented(t *testing.T)) with testify assertions, not Ginkgo. The custom check is specific to Ginkgo test structure,...
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. The only new test file (sddl/sddlHelper_linux_test.go) is a standard Go unit test for SDDL handling, not an e2e test framework, and does not reference any...
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This is the Azure Storage AzCopy utility repository, not an OpenShift test suite. The PR adds a standard Go unit test using testing.T package, not Ginkgo e2e tests. No Ginkgo framework is present i...
Topology-Aware Scheduling Compatibility	✅ Passed	This PR rebases AzCopy (a CLI tool for Azure Storage) with security fixes and dependency updates. It contains no deployment manifests, operator code, or Kubernetes controllers, and no topology-awar...
Ote Binary Stdout Contract	✅ Passed	This PR is for AzCopy (Azure Storage CLI tool), not an OTE test binary. The fmt.Printf calls found in sddl/sddlHelper_linux.go are in private utility functions called during normal runtime, not in...
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests were added in this PR. The repository uses standard Go testing.T framework. The new test file (sddl/sddlHelper_linux_test.go) contains a standard unit test, not a Ginkgo test, s...
No-Weak-Crypto	✅ Passed	No MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB mode, custom crypto implementations, or non-constant-time secret comparisons were introduced in the PR. The security fix in sddl/sddlHelper_linux.go impr...
Container-Privileges	✅ Passed	No Kubernetes manifests or container security context configurations containing privileged settings (privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation) were found...
No-Sensitive-Data-In-Logs	✅ Passed	No sensitive data (passwords, tokens, API keys, PII, session IDs, credentials) exposed in logs. Only technical error details and file paths used in normal error context.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

_{Comment @coderabbitai help to get the list of available commands.}

openshift-ci · 2026-06-15T12:46:09Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RomanBednar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [RomanBednar]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 102: Update the pinned versions of golang.org/x/crypto and
golang.org/x/net in go.mod to patch known CVEs. Upgrade golang.org/x/crypto from
v0.51.0 to v0.52.0 to address CVE-2026-42508, CVE-2026-46595, and
CVE-2026-39834. Upgrade golang.org/x/net from v0.54.0 to v0.55.0 or later to
address CVE-2026-39821, CVE-2026-25680, and CVE-2026-25681. Update the require
statements for these packages in go.mod and run go mod tidy to ensure
consistency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 515592f2-fb43-4111-8fac-fe42f8fa1d0a

📥 Commits

Reviewing files that changed from the base of the PR and between 0089f0e and dc3f52a.

⛔ Files ignored due to path filters (291)

go.sum is excluded by !**/*.sum
vendor/github.com/cncf/xds/go/udpa/annotations/migrate.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/udpa/annotations/security.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/udpa/annotations/sensitive.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/udpa/annotations/status.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/udpa/annotations/versioning.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/udpa/type/v1/typed_struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/annotations/v3/migrate.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/annotations/v3/security.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/annotations/v3/sensitive.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/annotations/v3/status.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/annotations/v3/versioning.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/authority.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/cidr.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/collection_entry.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/context_params.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/extension.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/resource.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/resource_locator.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/core/v3/resource_name.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/data/orca/v3/orca_load_report.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/service/orca/v3/orca.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/service/orca/v3/orca_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/cel.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/domain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/http_inputs.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/ip.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/range.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/regex.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/matcher/v3/string.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/v3/cel.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/v3/range.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/cncf/xds/go/xds/type/v3/typed_struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/certs.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/certs.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/clusters.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/clusters.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/config_dump.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/config_dump.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/config_dump_shared.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/config_dump_shared.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/init_dump.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/init_dump.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/listeners.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/listeners.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/memory.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/memory.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/metrics.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/metrics.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/mutex_stats.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/mutex_stats.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/server_info.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/server_info.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/server_info_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/tap.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/admin/v3/tap.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/deprecation.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3/accesslog.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3/accesslog.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/circuit_breaker.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/circuit_breaker.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/cluster.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/cluster.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/cluster_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/filter.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/filter.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/outlier_detection.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3/outlier_detection.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v3/matcher.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/matcher/v3/matcher.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3/mutation_rules.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3/mutation_rules.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/address.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/address.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/backoff.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/backoff.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/base.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/base.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/cel.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/cel.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/cel_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/config_source.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/config_source.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/event_service_config.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/event_service_config.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/extension.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/extension.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_method_list.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_method_list.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_service.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/health_check.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/health_check.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/http_service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/http_service.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/http_uri.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/http_uri.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/protocol.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/protocol.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/protocol_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/proxy_protocol.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/proxy_protocol.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/resolver.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/resolver.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/socket_cmsg_headers.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/socket_cmsg_headers.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/socket_option.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/socket_option.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/substitution_format_string.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/substitution_format_string.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/udp_socket_config.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/udp_socket_config.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/endpoint.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/endpoint.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/endpoint_components.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/endpoint_components.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/load_report.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/load_report.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/api_listener.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/api_listener.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener_components.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener_components.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/quic_config.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/quic_config.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/quic_config_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/udp_listener_config.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/udp_listener_config.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/metrics_service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/metrics_service.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/metrics_service_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/stats.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/stats.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/overload/v3/overload.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/overload/v3/overload.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/scoped_route.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/scoped_route.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/tap/v3/common.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/tap/v3/common.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/datadog.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/datadog.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/dynamic_ot.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/dynamic_ot.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/http_tracer.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/http_tracer.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/lightstep.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/lightstep.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/opentelemetry.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/opentelemetry.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/service.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/skywalking.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/skywalking.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/trace.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/xray.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/xray.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/zipkin.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/zipkin.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v3/accesslog.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/data/accesslog/v3/accesslog.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3/cluster.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3/cluster.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/fault/v3/fault.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/fault/v3/fault.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3/fault.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3/fault.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3/rbac.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3/rbac.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3/router.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3/router.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3/router_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3/common.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3/common.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/least_request/v3/least_request.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/least_request/v3/least_request.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/audit_loggers/stream/v3/stream.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/audit_loggers/stream/v3/stream.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/cert.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/common.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/common.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/secret.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/secret.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/tls.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/tls.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3/ads.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3/ads.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3/ads_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3/discovery.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3/discovery.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v3/lrs.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v3/lrs.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/load_stats/v3/lrs_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/status/v3/csds.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/status/v3/csds.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/service/status/v3/csds_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/http/v3/cookie.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/http/v3/cookie.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/http/v3/path_transformation.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/http/v3/path_transformation.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/address.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/address.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/filter_state.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/filter_state.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/http_inputs.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/http_inputs.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/metadata.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/metadata.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/node.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/node.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/number.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/number.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/path.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/path.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/regex.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/regex.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/status_code_input.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/status_code_input.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/string.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/string.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/struct.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/value.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/metadata/v3/metadata.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/metadata/v3/metadata.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3/custom_tag.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3/custom_tag.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3/custom_tag_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/hash_policy.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/hash_policy.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/http.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/http_status.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/http_status.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/percent.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/percent.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/range.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/range.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/ratelimit_strategy.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/ratelimit_strategy.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/ratelimit_unit.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/semantic_version.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/semantic_version.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/token_bucket.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/go-control-plane/envoy/type/v3/token_bucket.pb.validate.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/envoyproxy/protoc-gen-validate/validate/BUILD is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-jose/go-jose/v4/asymmetric.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go is excluded by !**/vendor/**, !vendor/**
vendor/github.com/go-jose/go-jose/v4/symmetric.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/cloud-function.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/cloud-run.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/detector.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/gce.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/gke.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/contrib/detectors/gcp/version.go is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/.golangci.yml is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/Makefile is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/README.md is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/RELEASING.md is excluded by !**/vendor/**, !vendor/**
vendor/go.opentelemetry.io/otel/attribute/encoder.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

ChangeLog.md
azure-pipelines.yml
azurePipelineTemplates/build_windows.yml
build-1es-pipeline.yaml
common/version.go
go.mod
sddl/sddlHelper_linux.go
sddl/sddlHelper_linux_test.go
ste/sourceInfoProvider-Local_linux.go

💤 Files with no reviewable changes (3)

build-1es-pipeline.yaml
azure-pipelines.yml
azurePipelineTemplates/build_windows.yml

coderabbitai · 2026-06-15T12:53:43Z

CVE-2026-42508

 replace github.com/Azure/azure-sdk-for-go/sdk/storage/azfile => github.com/Azure/azure-sdk-for-go/sdk/storage/azfile v1.5.2-0.20250507070125-9e8eb1f00372

-go 1.25.7
+go 1.26.3


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Go 1.26.3 release status and CVE advisories for golang.org/x/crypto 0.51.0, golang.org/x/oauth2 0.36.0, golang.org/x/net 0.54.0

💡 Result:

As of June 15, 2026, the status of the requested Go components and release information is as follows: Go 1.26.3 Release Status Go 1.26.3 was released on May 7, 2026 [1][2]. It is a security-focused minor point release that addresses multiple vulnerabilities within the go command, the pack tool, and various standard library packages (including net, net/http, and others) [1]. CVE Advisories and Security Status 1. golang.org/x/crypto v0.51.0 This version is affected by multiple security vulnerabilities. Specifically, versions prior to v0.52.0 have been identified as vulnerable to several issues, including authorization bypasses in the ssh and ssh/knownhosts functionalities (e.g., CVE-2026-42508, CVE-2026-46595) [3][4] and an integer overflow vulnerability (CVE-2026-39834) [5]. Version v0.52.0 was released to address these issues [6]. 2. golang.org/x/oauth2 v0.36.0 There are no CVEs specifically listed for v0.36.0 in current security databases; however, the package has a history of security reports. For example, previous versions were vulnerable to improper validation of token syntax (GO-2025-3488), which was fixed in v0.27.0 [7][8]. Users should verify if their specific implementation requires further updates, though v0.36.0 is a recent version as of February 2026 [9]. 3. golang.org/x/net v0.54.0 This version is affected by several security vulnerabilities that were addressed in subsequent releases (v0.55.0 and later) [10][11][12][13]. Reported issues include: - GO-2026-5026 / CVE-2026-39821: Improper handling of Punycode-encoded labels in idna [12]. - GO-2026-5028 / CVE-2026-25680: Denial of Service due to excessive CPU consumption when parsing arbitrary HTML [13]. - GO-2026-5029 / CVE-2026-25681: Potential for XSS attacks due to incorrect character reference handling in html [11]. Users are advised to upgrade to the latest stable version of golang.org/x/net to mitigate these risks [10].

Citations:

1: https://go.dev/doc/devel/release

2: https://golang-org.appspot.com/go.dev/doc/devel/release

3: https://intel.aikido.dev/cve/AIKIDO-2026-11027

4: https://intel.aikido.dev/cve/AIKIDO-2026-11022

5: https://intel.aikido.dev/cve/AIKIDO-2026-11028

6: https://www.openwall.com/lists/oss-security/2026/05/22/6

7: https://osv.dev/vulnerability/GHSA-6v2p-p543-phr9

8: https://osv.dev/GO-2025-3488

9: https://pkg.go.dev/golang.org/x/oauth2@v0.36.0

10: https://pkg.go.dev/golang.org/x/net@v0.54.0

11: https://osv.dev/vulnerability/GO-2026-5029

12: https://osv.dev/vulnerability/GO-2026-5026

13: https://pkg.go.dev/vuln/GO-2026-5028

Upgrade golang.org/x/crypto and golang.org/x/net to patch known CVEs.

Go 1.26.3 is a valid official release (May 7, 2026). However, the PR pins vulnerable dependency versions with known CVEs:

golang.org/x/crypto v0.51.0: Affected by CVE-2026-42508, CVE-2026-46595 (SSH authorization bypasses), and CVE-2026-39834 (integer overflow). Upgrade to v0.52.0 (released May 22, 2026).

golang.org/x/net v0.54.0: Affected by CVE-2026-39821 (Punycode handling in IDNA), CVE-2026-25680 (HTML parsing DoS), and CVE-2026-25681 (HTML character reference XSS). Upgrade to v0.55.0 or later.

Per supply chain security guidelines, flag and remediate known CVEs in pinned versions before merge.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@go.mod` at line 102, Update the pinned versions of golang.org/x/crypto and golang.org/x/net in go.mod to patch known CVEs. Upgrade golang.org/x/crypto from v0.51.0 to v0.52.0 to address CVE-2026-42508, CVE-2026-46595, and CVE-2026-39834. Upgrade golang.org/x/net from v0.54.0 to v0.55.0 or later to address CVE-2026-39821, CVE-2026-25680, and CVE-2026-25681. Update the require statements for these packages in go.mod and run go mod tidy to ensure consistency.

openshift-ci · 2026-06-15T13:06:06Z

@RomanBednar: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

adreed-msft and others added 14 commits March 23, 2026 10:43

Update offending packages

2ee49b7

Correct issues re: MSRC case #110341

3c3aec8

Alter intentional panics to return errors

cf82e2e

Changelog

f314f11

Add test to validate changes

704718e

Satiate the clanker

3d4ada9

Error formatting

5bd126e

version.go

e3c0e0c

Update packages and add patch version

a6c4104

update otel sdk

c3a3c0a

Cover other open CVEs

e61ec94

Remove 32-bit Windows ARM7 build

c654478

Broken in Golang, removed in next major revision anyway.

Merge remote-tracking branch 'openshift/main' into rebase-v10.32.4

7afbe25

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 15, 2026

openshift-ci Bot requested review from jsafrane and tsmetana June 15, 2026 12:46

openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 15, 2026

coderabbitai Bot reviewed Jun 15, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

STOR-2926: Rebase to v10.32.4 for OCP 4.23/5.0#31

STOR-2926: Rebase to v10.32.4 for OCP 4.23/5.0#31
RomanBednar wants to merge 14 commits into
openshift:mainfrom
RomanBednar:rebase-v10.32.4

RomanBednar commented Jun 15, 2026 •

edited

Loading

Uh oh!

openshift-ci-robot commented Jun 15, 2026 •

edited by openshift-ci Bot

Loading

Upstream changelogs

Summary of changes

v10.32.3

v10.32.4

Carried commits

Uh oh!

coderabbitai Bot commented Jun 15, 2026 •

edited

Loading

Uh oh!

openshift-ci Bot commented Jun 15, 2026

Uh oh!

coderabbitai Bot left a comment

Uh oh!

coderabbitai Bot Jun 15, 2026

Uh oh!

openshift-ci Bot commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

RomanBednar commented Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Upstream changelogs

Summary of changes

v10.32.3 (#3422)

v10.32.4 (#3457)

Carried commits

Dropped commits

Uh oh!

openshift-ci-robot commented Jun 15, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Upstream changelogs

Summary of changes

v10.32.3

v10.32.4

Carried commits

Uh oh!

coderabbitai Bot commented Jun 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Uh oh!

openshift-ci Bot commented Jun 15, 2026

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Jun 15, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-ci Bot commented Jun 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

RomanBednar commented Jun 15, 2026 •

edited

Loading

openshift-ci-robot commented Jun 15, 2026 •

edited by openshift-ci Bot

Loading

coderabbitai Bot commented Jun 15, 2026 •

edited

Loading