Update Go version to 1.25.5 to address CVE-2025-61729

navinms711 · navinms711 · commit eeabf62e6bb0 · 2026-01-14T01:38:01.000Z
CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes excessive resource consumption in printing error strings for host certificate validation. This commit updates the Go version from 1.25.4 to 1.25.5, which includes the fix for this CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli/v9
 
-go 1.25.4
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.59.0
