@vvoland vvoland commented Sep 3, 2025

This includes 1 security fix:

  • net/http: CrossOriginProtection bypass patterns are over-broad

    When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
    requests that would have redirected to those patterns (e.g. without a trailing
    slash) were also exempted, which might be unexpected.

    Thanks to Marco Gazerro for reporting this issue.

    This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7

- What I did

- How I did it

- How to verify it

- Human readable description for the release notes

Update Go runtime to 1.24.7

- A picture of a cute animal (not mandatory but encouraged)

This includes 1 security fix:

- net/http: CrossOriginProtection bypass patterns are over-broad

    When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
    requests that would have redirected to those patterns (e.g. without a trailing
    slash) were also exempted, which might be unexpected.

    Thanks to Marco Gazerro for reporting this issue.

    This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7

Signed-off-by: Paweł Gronowski <[email protected]>
(cherry picked from commit f64b8a3)
Signed-off-by: Paweł Gronowski <[email protected]>
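
An added illustration of the over-match described above (not code from this PR or from the Go project): it models bypass patterns as routes on an `http.ServeMux`, which is an assumption, and compares a pattern-only exemption check with one that requires the registered handler. The names `bypassMarker`, `newBypassMux` and `classify` and the sample paths are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// bypassMarker is the handler registered for every bypass pattern, so a real
// pattern match can be told apart from a redirect that ServeMux synthesizes.
type bypassMarker struct{}

func (bypassMarker) ServeHTTP(http.ResponseWriter, *http.Request) {}

// newBypassMux registers each bypass pattern on its own ServeMux.
func newBypassMux(patterns ...string) *http.ServeMux {
	mux := http.NewServeMux()
	for _, p := range patterns {
		mux.Handle(p, bypassMarker{})
	}
	return mux
}

// classify reports whether a request for path counts as exempt under two
// checks. loose accepts any non-empty pattern from the lookup, which includes
// the trailing-slash redirect case. strict accepts only the marker handler.
func classify(mux *http.ServeMux, path string) (loose, strict bool) {
	req := httptest.NewRequest(http.MethodPost, path, nil) // constructed request
	h, pattern := mux.Handler(req)
	_, isMarker := h.(bypassMarker)
	return pattern != "", isMarker
}

func main() {
	mux := newBypassMux("/hello/") // constructed bypass pattern
	for _, p := range []string{"/hello/", "/hello/world", "/hello", "/other"} {
		loose, strict := classify(mux, p)
		fmt.Printf("%-13s loose=%-5v strict=%v\n", p, loose, strict)
	}
}
```

Only `/hello` differs between the two checks: the mux answers it with a redirect to `/hello/`, so the loose check exempts a path that was never registered.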
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.

Member

@thaJeztah thaJeztah left a comment

LGTM once CI is happy

@vvoland vvoland closed this Sep 3, 2025
@vvoland vvoland reopened this Sep 3, 2025
@vvoland vvoland added the kind/bugfix PR's that fix bugs label Sep 3, 2025
@vvoland vvoland merged commit ff5ea75 into docker:28.x Sep 3, 2025
106 of 184 checks passed