Skip to content

fix: Update Go version from 1.25.8 to 1.25.9#297

Merged
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
andyzhangx:patch-11
Apr 9, 2026
Merged

fix: Update Go version from 1.25.8 to 1.25.9#297
k8s-ci-robot merged 1 commit intokubernetes-csi:masterfrom
andyzhangx:patch-11

Conversation

@andyzhangx
Copy link
Copy Markdown
Member

@andyzhangx andyzhangx commented Apr 9, 2026 

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼─────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2026-32280 │ UNKNOWN  │ fixed  │ v1.25.8           │ 1.25.9, 1.26.2 │ Unexpected work during chain building in crypto/x509        │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32280                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-32281 │          │        │                   │                │ Inefficient policy validation in crypto/x509                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32281                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-32282 │          │        │                   │                │ TOCTOU permits root escape on Linux via Root.Chmod in os in │
│         │                │          │        │                   │                │ internal/syscall/unix...                                    │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32282                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-32283 │          │        │                   │                │ Unauthenticated TLS 1.3 KeyUpdate record can cause          │
│         │                │          │        │                   │                │ persistent connection retention and DoS...                  │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32283                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-32288 │          │        │                   │                │ Unbounded allocation for old GNU sparse in archive/tar      │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32288                  │
│         ├────────────────┤          │        │                   │                ├─────────────────────────────────────────────────────────────┤
│         │ CVE-2026-32289 │          │        │                   │                │ JsBraceDepth Context Tracking Bugs (XSS) in html/template   │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-32289                  │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴─────────────────────────────────────────────────────────────┘

Release note:

fix: Update Go version from 1.25.8 to 1.25.9

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Apr 9, 2026
@k8s-ci-robot k8s-ci-robot requested review from carlory and pohly April 9, 2026 02:13
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 9, 2026
@xing-yang
Copy link
Copy Markdown
Contributor

xing-yang commented Apr 9, 2026

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 9, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 9, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, xing-yang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 9, 2026
@k8s-ci-robot k8s-ci-robot merged commit de06a09 into kubernetes-csi:master Apr 9, 2026
8 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlory carlory Awaiting requested review from carlory

@pohly pohly Awaiting requested review from pohly

Assignees

@xing-yang xing-yang

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@andyzhangx @xing-yang @k8s-ci-robot