Skip to content

upgrade go to 1.25.5 to fix GO-2025-4155 #2846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rdimitrov merged 3 commits into from
Dec 3, 2025
Merged

upgrade go to 1.25.5 to fix GO-2025-4155 #2846

rdimitrov merged 3 commits into from
Dec 3, 2025
+2 −2

Conversation

@ChrisJBurns
Copy link
Collaborator

@ChrisJBurns ChrisJBurns commented Dec 2, 2025

https://pkg.go.dev/vuln/GO-2025-4155

Vulnerability #1: GO-2025-4155 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-4155 Standard library Found in: crypto/x509@go1.25.3 Fixed in: crypto/x509@go1.25.5 Example traces found: Error: #1: pkg/api/scalar.go:67:26: api.ServeScalar calls x509.HostnameError.Error
@ChrisJBurns
fixs go vuln found 2nd Dec 2025
b865cf1 
https://pkg.go.dev/vuln/GO-2025-4155 Signed-off-by: Chris Burns <29541485+ChrisJBurns@users.noreply.github.com>
@github-actions github-actions bot added the size/XS Extra small PR: < 100 lines changed label Dec 2, 2025
@ChrisJBurns ChrisJBurns changed the title fixs go vuln found 2nd Dec 2025 upgrade go to 1.25.5 to fix go vuln found 2nd Dec 2025 Dec 2, 2025
@ChrisJBurns ChrisJBurns changed the title upgrade go to 1.25.5 to fix go vuln found 2nd Dec 2025 upgrade go to 1.25.5 to fix GO-2025-4155 Dec 2, 2025
@ChrisJBurns ChrisJBurns changed the title upgrade go to 1.25.5 to fix GO-2025-4155 upgrade go to 1.25.5 to fix GO-2025-4155 Dec 2, 2025
@github-actions github-actions bot added size/XS Extra small PR: < 100 lines changed and removed size/XS Extra small PR: < 100 lines changed labels Dec 2, 2025
@codecov
Copy link

codecov bot commented Dec 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.59%. Comparing base (71ec710) to head (21b78df).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@ Coverage Diff @@ ## main #2846 +/- ## ======================================= Coverage 56.58% 56.59% ======================================= Files 322 322 Lines 31243 31243 ======================================= + Hits 17679 17682 +3  + Misses 12049 12047 -2  + Partials 1515 1514 -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
rdimitrov
rdimitrov previously approved these changes Dec 2, 2025
View reviewed changes
@rdimitrov rdimitrov dismissed their stale review December 2, 2025 19:33

Failing CI checks

@github-actions github-actions bot added size/XS Extra small PR: < 100 lines changed and removed size/XS Extra small PR: < 100 lines changed labels Dec 3, 2025
@rdimitrov rdimitrov mentioned this pull request Dec 3, 2025
Closed
@rdimitrov rdimitrov merged commit 40b09e0 into main Dec 3, 2025
39 of 43 checks passed
@rdimitrov rdimitrov deleted the upgrades-golang branch December 3, 2025 10:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/XS Extra small PR: < 100 lines changed

5 participants

@ChrisJBurns @yrobla @rdimitrov @JAORMX