Mark Pruett

**What would you like to be added**: When an upstream security patch is added we'd like to be notified in case we need to pull it in and cut our...

**What would you like to be added**: **Why is this needed**:

**What would you like to be added**: Our [list of flakes](https://github.com/aws/eks-distro/blob/main/projects/kubernetes/kubernetes/top_flakes) should be updated from the [upstream list](https://github.com/aws/eks-distro/blob/main/projects/kubernetes/kubernetes/build/run_tests.sh) https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/flaky-tests.md Let's also consider breaking this down by release version instead of...

Fix broken changelog links in release announcements

2

The changelog links go to a 404. Correct these to link to the files correctly. Example: https://github.com/aws/eks-distro/releases Is this because we reuse the same text for the docs site and...

net/http/httputil: ReverseProxy should not forward unparseable query parameters [go1.15 backport] - CVE-2022-2880

1

From [Golang security announcement](https://groups.google.com/g/golang-announce/c/xtuG5faxtaU): Requests forwarded by ReverseProxy included the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when...

regexp/syntax: limit memory used by parsing regexps [go1.15 backport] - CVE-2022-41715

1

From [Golang security announcement](https://groups.google.com/g/golang-announce/c/xtuG5faxtaU): The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making...

net/http/httputil: ReverseProxy should not forward unparseable query parameters [go1.16 backport] - CVE-2022-2880

1

From [Golang security announcement](https://groups.google.com/g/golang-announce/c/xtuG5faxtaU): Requests forwarded by ReverseProxy included the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when...

The following patch files don't reference the CVEs they fix. Add it in[ like this](https://github.com/aws/eks-distro-build-tooling/blob/4ad2629be510713ffc9ae8bfd15d755b19918b9d/projects/golang/go/1.15/patches/0016-go-1.15.15-eks-syscall-check-correct-group-in.patch#L14) * https://github.com/aws/eks-distro-build-tooling/blob/main/projects/golang/go/1.16/patches/0008-go-1.16.15-eks-math-big-check-buffer-lengths-.patch * https://github.com/aws/eks-distro-build-tooling/blob/main/projects/golang/go/1.16/patches/0001-crypto-elliptic-tolerate-zero-padded-scalars-in-gene.patch CVE-2022-29526 * https://github.com/aws/eks-distro-build-tooling/blob/main/projects/golang/go/1.16/patches/0010-go-1.16.15-eks-syscall-check-correct-group-in.patch