Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump golang.org/x/net to v0.36.0 #19526

Closed
ivanvc opened this issue Mar 4, 2025 · 1 comment
Closed

Bump golang.org/x/net to v0.36.0 #19526

ivanvc opened this issue Mar 4, 2025 · 1 comment
Assignees
@ivanvc
Labels
area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. type/feature

Comments

@ivanvc
Copy link
Member

ivanvc commented Mar 4, 2025
edited
Loading

What would you like to be added?

golang.org/x/net was updated today to v0.36.0 to address CVE-2025-22870.

Our three release branches are directly dependent on golang.org/x/net (server). Given the upcoming release of v3.5 and v3.6, we should update the dependency to avoid having scanners showing security vulnerabilities once they get an assessment rating.

Why is this needed?

To address CVE-2025-22870 and improve our security stance.
@ivanvc ivanvc added area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. type/feature labels Mar 4, 2025
@ivanvc ivanvc self-assigned this Mar 4, 2025
This was referenced Mar 5, 2025
Merged
Merged
Merged
Merged
@ivanvc
Copy link
Member Author

ivanvc commented Mar 5, 2025

Closing with all tasks complete.

@ivanvc ivanvc closed this as completed Mar 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ivanvc ivanvc

Labels
area/security priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. type/feature
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ivanvc