Request new release including Go security fixes for golang.org/x/crypto and stdlib vulnerabilities
#6107
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We’ve identified several Go security vulnerabilities that affect the current kubernetes-sigs/external-dns v0.20.0 image and dependencies:
🔐 Security Advisories
Go (golang.org/x/crypto) Security Update – GHSA-f6x5-jh6r-wrfv
Go (golang.org/x/crypto) Security Update – GHSA-j5w8-q4qc-rx2x
Go (stdlib) Security Update – GO-2025-4155
Go (stdlib) Security Update – GO-2025-4175
These advisories include fixes for issues in:
golang.org/x/crypto (SSH message size validation and GSSAPI parsing limitations), and
Go standard library (crypto/x509) certificate handling and memory usage.
Could you please:
Update dependencies and build environment to include the above security fixes
Publish a new release of external-dns with those fixes included
Beta Was this translation helpful? Give feedback.
All reactions