
upgrade aws-sdk-go to v1.55.7 #7884


Open: wants to merge 3 commits into base: main

Conversation


@Apurer Apurer commented Jun 8, 2025

What changed?

Upgraded github.com/aws/aws-sdk-go from v1.55.6 to v1.55.7 to resolve CVE-2020-8911. This security vulnerability affects S3 operations and could potentially allow unauthorized access to S3 objects. The upgrade includes security fixes and maintains full backward compatibility.

Why?

CVE-2020-8911 is a security vulnerability in the AWS SDK Go S3 service that could allow attackers to perform unauthorized S3 operations. The vulnerability was fixed in version v1.55.7. This upgrade is necessary to:

  • Eliminate the security risk for deployments using S3 archiving
  • Ensure compliance with security best practices
  • Maintain system security for production environments

How did you test it?

  • built
  • run locally and tested manually
  • covered by existing tests
  • added new unit test(s)
  • added new functional test(s)

Testing performed:

  • Verified all main binaries build successfully (temporal-server, temporal-cassandra-tool, temporal-sql-tool, tdbg)
  • Ran comprehensive test suites for S3 archiver (39 test cases passed)
  • Tested archiver functionality for both history and visibility storage
  • Verified Elasticsearch AWS client compatibility
  • Confirmed module integrity with go mod verify
  • Tested Docker container builds and binary execution
  • Verified AWS SDK version in built binaries shows v1.55.7
  • Ran persistence layer and service layer tests
  • Confirmed no regression in existing functionality

Potential risks

Low risk change: This is a patch-level dependency upgrade that maintains API compatibility. The AWS SDK v1.55.7 release specifically focuses on security fixes without breaking changes.

Potential risks:

  • Minor behavioral changes in AWS S3 operations (unlikely but possible)
  • Performance characteristics may vary slightly with the new SDK version
  • Dependencies on specific SDK bugs/behaviors could be affected

Mitigation:

  • Comprehensive testing performed on all archiver functionality
  • No API changes in the upgrade path
  • Change can be reverted easily if issues arise
  • All existing tests continue to pass

@Apurer Apurer requested a review from a team as a code owner June 8, 2025 19:44
@Apurer Apurer changed the title from "Feature/aws sdk go" to "upgrade aws-sdk-go to v1.55.7" Jun 8, 2025