Commit c6bece0
fix(cve): CVE-2026-32280, CVE-2026-32281 - update Go from 1.25.8 to 1.25.9
- Update Go from 1.25.8 to 1.25.9 to address Go stdlib vulnerabilities
- CVE-2026-32280 (CVSS 7.5 HIGH): crypto/x509 DoS via certificate chain building
All Go versions < 1.25.9 affected; fixed in 1.25.9
- CVE-2026-32281 (CVSS 7.5 HIGH): crypto/x509 DoS via inefficient certificate
chain validation; fixed in Go 1.25.9
Changes:
- go.mod: go 1.25.8 → go 1.25.9
- go mod tidy, go mod verify, go mod vendor completed
Resolves: SRVKP-12045, SRVKP-12003
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent d6b0e56 commit c6bece0
3 files changed
Lines changed: 1 addition & 403 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
This file was deleted.
0 commit comments