@xrstf (Contributor) commented Jun 5, 2025

Summary

Go 1.23.10 fixes these CVEs:

  • CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect
  • CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
  • CVE-2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy validation

What Type of PR Is This?

/kind cleanup

Release Notes

Update to Go 1.23.10.

@kcp-ci-bot added the following labels Jun 5, 2025:

  • release-note: Denotes a PR that will be considered when it comes time to generate release notes.
  • dco-signoff: yes: Indicates the PR's author has signed the DCO.
  • kind/cleanup: Categorizes issue or PR as related to cleaning up code, process, or technical debt.
  • size/M: Denotes a PR that changes 30-99 lines, ignoring generated files.

@embik (Member) left a comment

/approve

@kcp-ci-bot added the lgtm label (Indicates that a PR is ready to be merged.) Jun 6, 2025

@kcp-ci-bot (Contributor)

LGTM label has been added.

Git tree hash: d8bf573e675e5b8eafc42e2758e6816c5f0a6ab6

@kcp-ci-bot (Contributor)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: embik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Jun 6, 2025

@embik (Member) commented Jun 6, 2025

/retest

@kcp-ci-bot merged commit d776408 into kcp-dev:main Jun 6, 2025

15 checks passed

@kcp-ci-bot added this to the v0.28.0 milestone Jun 6, 2025

@xrstf deleted the bump-go branch July 18, 2025 12:58