Skip to content

fix: upgrade to go1.24.11 to fix CVE-2025-61727#287

Merged
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
andyzhangx:patch-7
Dec 4, 2025
Merged

fix: upgrade to go1.24.11 to fix CVE-2025-61727#287
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
andyzhangx:patch-7

Conversation

@andyzhangx
Copy link
Copy Markdown
Member

@andyzhangx andyzhangx commented Dec 4, 2025
edited
Loading 

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-61727 │ UNKNOWN  │ fixed  │ v1.24.9           │ 1.24.11, 1.25.5 │ [crypto/x509: excluded subdomain constraint doesn't preclude │
│         │                │          │        │                   │                 │ wildcard SAN]                                                │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61727                   │
│         ├────────────────┤          │        │                   │                 ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2025-61729 │          │        │                   │                 │ Within HostnameError.Error(), when constructing an error     │
│         │                │          │        │                   │                 │ string, there ...                                            │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2025-61729                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴──────────────────────────────────────────────────────────────┘

Release note:

fix: upgrade to go1.24.11 to fix CVE-2025-61727

@k8s-ci-robot k8s-ci-robot added the do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. label Dec 4, 2025
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. release-note-none Denotes a PR that doesn't merit a release note. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. release-note-none Denotes a PR that doesn't merit a release note. labels Dec 4, 2025
@carlory
Copy link
Copy Markdown
Member

carlory commented Dec 4, 2025

/lgtm
/assign @msau42

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 4, 2025
@xing-yang
Copy link
Copy Markdown
Contributor

xing-yang commented Dec 4, 2025

/lgtm
/approve

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Dec 4, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, xing-yang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 4, 2025
@k8s-ci-robot k8s-ci-robot merged commit c852fa7 into kubernetes-csi:master Dec 4, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlory carlory Awaiting requested review from carlory

@gnufied gnufied Awaiting requested review from gnufied

Assignees

@xing-yang xing-yang

@msau42 msau42

@carlory carlory

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@andyzhangx @carlory @xing-yang @k8s-ci-robot @msau42