I have a question regarding the Linux binaries released by Verible.
It seems that the current Linux release binaries are built against glibc 2.39. This version is known to have several reported vulnerabilities, while the current stable glibc release is 2.42, which includes fixes for those issues.
For organizations that perform security scanning or legal/OSS compliance checks, this difference can make it harder to adopt the prebuilt Verible Linux binaries. Updating to a newer glibc would simplify the approval process significantly.
Questions:
- Is there a particular reason why the Linux builds are still using glibc 2.39?
- Is there any plan to update the build environment to a newer glibc version (e.g., 2.42)?