Skip to content
This repository was archived by the owner on Apr 1, 2026. It is now read-only.
This repository was archived by the owner on Apr 1, 2026. It is now read-only.

Security: Request new release to fix critical CVEs in odo 3.16.1 dependencies #7314

Closed as not planned
Closed as not planned
Security: Request new release to fix critical CVEs in odo 3.16.1 dependencies#7314
Labels
lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/*` and requires one.
@p13rr0m

Description

@p13rr0m
p13rr0m
opened on Oct 14, 2025

Hello,

Our ACS scan reports critical CVEs in odo v3.16.1:

  • CVE-2024-41110github.com/docker/docker v20.10.24, fixed in 23.0.15
  • CVE-2025-21613 / 21614github.com/go-git/go-git/v5 v5.11.0, fixed in 5.13.0

Binary source:
https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/v3.16.1/odo-linux-amd64

Could you please update these dependencies and publish a new odo release that includes the security fixes?

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/*` and requires one.

    Type

    No type

    Projects

    odo Project

    Status

    Done ✅

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions