Skip to content

fix(security): remediate CVE vulnerabilities#301

Merged
ulucinar merged 1 commit intorelease-0.10from
fix/cve-remediation-release-0.10-20260316-223551
Mar 16, 2026
Merged

fix(security): remediate CVE vulnerabilities#301
ulucinar merged 1 commit intorelease-0.10from
fix/cve-remediation-release-0.10-20260316-223551

Conversation

@upbound-bot
Copy link

@upbound-bot upbound-bot commented Mar 16, 2026

Summary

This PR fixes CVE vulnerabilities identified by security scanning.

Vulnerabilities Fixed

CVE/GHSA Severity Package Fixed Version
CVE-2026-25679 High stdlib go1.25.8
CVE-2026-27142 High stdlib go1.25.8
CVE-2026-27139 Low stdlib go1.25.8

Changes Made

  • Updated Go version from 1.24.13 to 1.25.8 in go.mod
  • Updated GO_VERSION in .github/workflows/ci.yml from 1.24.13 to 1.25.8
  • Ran go mod tidy to update go.sum

References

Verification

  • Rescanned with cve-scan skill after fixes
  • All listed vulnerabilities resolved

@ulucinar
fix(security): remediate CVE vulnerabilities
e6e106b 
- Update Go version to 1.25.8 (fixes CVE-2026-25679, CVE-2026-27142,
  CVE-2026-27139)

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
@ulucinar ulucinar merged commit 72c6122 into release-0.10 Mar 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ulucinar ulucinar ulucinar approved these changes

@sergenyalcin sergenyalcin Awaiting requested review from sergenyalcin sergenyalcin is a code owner

@turkenf turkenf Awaiting requested review from turkenf turkenf is a code owner

@negz negz Awaiting requested review from negz negz is a code owner

@phisco phisco Awaiting requested review from phisco phisco is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@upbound-bot @ulucinar