Skip to content

Commit 9173c44

Browse files
mnenciamnencia
authored
docs: update release notes for Go 1.26.3 CVE coverage (cloudnative-pg#10649)
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
1 parent 91335f3 commit 9173c44

2 files changed

Lines changed: 24 additions & 10 deletions

File tree

docs/src/release_notes/v1.28.md

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,18 @@ on the release branch in GitHub.
3737
([#10436](https://github.com/cloudnative-pg/cloudnative-pg/pull/10436),
3838
[#10498](https://github.com/cloudnative-pg/cloudnative-pg/pull/10498))
3939

40-
- **CVE remediation in the Go runtime**: built with Go 1.26.2 to pick up
41-
upstream fixes for CVE-2026-32280 (cert-chain DoS), CVE-2026-32281
42-
(policy-mapping DoS), and CVE-2026-33810 (DNS-constraint bypass on
43-
wildcard SANs) in `crypto/x509` and `crypto/tls`.
44-
([#10462](https://github.com/cloudnative-pg/cloudnative-pg/pull/10462))
40+
- **CVE remediation in the Go runtime**: built with Go 1.26.3 to pick up
41+
upstream fixes in `crypto/x509`, `crypto/tls`, `net/http`, and `net`
42+
(CVE-2026-32280, CVE-2026-32281, CVE-2026-33810, CVE-2026-33814,
43+
CVE-2026-33811, CVE-2026-39825).
44+
([#10462](https://github.com/cloudnative-pg/cloudnative-pg/pull/10462),
45+
[#10647](https://github.com/cloudnative-pg/cloudnative-pg/pull/10647)) <!-- 1.29 1.28 1.25 -->
46+
47+
- **Build pipeline hardening**: the Go 1.26.3 bump also addresses
48+
CVE-2026-42501 (`cmd/go` module-checksum validation), reducing
49+
supply-chain exposure during release builds. The affected code paths
50+
are not reachable from the running operator.
51+
([#10647](https://github.com/cloudnative-pg/cloudnative-pg/pull/10647)) <!-- 1.29 1.28 1.25 -->
4552

4653
### Changes
4754

docs/src/release_notes/v1.29.md

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,18 @@ on the release branch in GitHub.
3737
([#10437](https://github.com/cloudnative-pg/cloudnative-pg/pull/10437),
3838
[#10499](https://github.com/cloudnative-pg/cloudnative-pg/pull/10499))
3939

40-
- **CVE remediation in the Go runtime**: built with Go 1.26.2 to pick up
41-
upstream fixes for CVE-2026-32280 (cert-chain DoS), CVE-2026-32281
42-
(policy-mapping DoS), and CVE-2026-33810 (DNS-constraint bypass on
43-
wildcard SANs) in `crypto/x509` and `crypto/tls`.
44-
([#10463](https://github.com/cloudnative-pg/cloudnative-pg/pull/10463))
40+
- **CVE remediation in the Go runtime**: built with Go 1.26.3 to pick up
41+
upstream fixes in `crypto/x509`, `crypto/tls`, `net/http`, and `net`
42+
(CVE-2026-32280, CVE-2026-32281, CVE-2026-33810, CVE-2026-33814,
43+
CVE-2026-33811, CVE-2026-39825).
44+
([#10463](https://github.com/cloudnative-pg/cloudnative-pg/pull/10463),
45+
[#10647](https://github.com/cloudnative-pg/cloudnative-pg/pull/10647)) <!-- 1.29 1.28 1.25 -->
46+
47+
- **Build pipeline hardening**: the Go 1.26.3 bump also addresses
48+
CVE-2026-42501 (`cmd/go` module-checksum validation), reducing
49+
supply-chain exposure during release builds. The affected code paths
50+
are not reachable from the running operator.
51+
([#10647](https://github.com/cloudnative-pg/cloudnative-pg/pull/10647)) <!-- 1.29 1.28 1.25 -->
4552

4653
### Changes
4754

0 commit comments

Comments
 (0)