Build with Go 1.25.7 to address some CVEs in 1.25.0

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.15.0
    • Affects Version/s: None
    • Component/s: None
    • 1
    • Tools and Replicator
    • 0.25

      A customer scanner has identified 3 CVEs based on our use of Go 1.25.0:

      • CVE-2025-61726 - no effect on the tools because they don't parse forms
      • CVE-2025-61728 - no effect on the tools because they don't touch ZIP files
      • CVE-2025-68121 - no effect on the tools because they don't call the relevant tls package APIs, nor does the Go driver

      Go 1.25.7 contains fixes for all of these.

            Assignee:
            Dave Rolsky
            Reporter:
            Dave Rolsky
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: