You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release contains fixes to address security vulnerabilities.
11
+
12
+
*Release date*: {ga-date-498}
13
+
14
+
This release addresses the following security vulnerabilities:
15
+
16
+
//ROX-35018
17
+
* golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation (link:https://access.redhat.com/security/cve/CVE-2026-46595[CVE-2026-46595])
18
+
19
+
//ROX-35022
20
+
* golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (link:https://access.redhat.com/security/cve/CVE-2026-39821[CVE-2026-39821])
21
+
22
+
//ROX-35139
23
+
* golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey (link:https://access.redhat.com/security/cve/CVE-2026-42508[CVE-2026-42508])
Copy file name to clipboardExpand all lines: release_notes/49-release-notes.adoc
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,8 +23,7 @@ toc::[]
23
23
|`4.9.5` | {ga-date-495}
24
24
|`4.9.6` | {ga-date-496}
25
25
|`4.9.7` | {ga-date-497}
26
-
27
-
26
+
|`4.9.8` | {ga-date-498}
28
27
29
28
|====
30
29
@@ -743,4 +742,6 @@ This release addresses the following security vulnerabilities:
743
742
//ROX-34736
744
743
* Go crypto/x509: Denial of service via inefficient certificate chain validation (link:https://access.redhat.com/security/cve/CVE-2026-32281[CVE-2026-32281])
0 commit comments