Skip to content

fix(security): remediate CVE vulnerabilities in release-0.12#578

Merged
ulucinar merged 2 commits into
release-0.12from
fix/cve-remediation-release-0.12-20260522-155044
May 22, 2026
Merged

fix(security): remediate CVE vulnerabilities in release-0.12#578
ulucinar merged 2 commits into
release-0.12from
fix/cve-remediation-release-0.12-20260522-155044

Conversation

@ulucinar
Copy link
Copy Markdown
Collaborator

@ulucinar ulucinar commented May 22, 2026

Summary

This PR fixes CVE vulnerabilities identified by security scanning.

Vulnerabilities Fixed

CVE/GHSA Severity Package Fixed Version
CVE-2026-27143 Critical stdlib (Go) 1.25.10
CVE-2025-68121 Critical stdlib (Go) 1.25.10
CVE-2026-39820 High stdlib (Go) 1.25.10
CVE-2026-25679 High stdlib (Go) 1.25.10
CVE-2026-42499 High stdlib (Go) 1.25.10
CVE-2026-39836 High stdlib (Go) 1.25.10
CVE-2026-32281 High stdlib (Go) 1.25.10
CVE-2026-32280 High stdlib (Go) 1.25.10
CVE-2026-32283 High stdlib (Go) 1.25.10
CVE-2026-33814 High stdlib (Go) 1.25.10
CVE-2026-33811 High stdlib (Go) 1.25.10
CVE-2026-27140 High stdlib (Go) 1.25.10
CVE-2026-42501 High stdlib (Go) 1.25.10
CVE-2025-61732 High stdlib (Go) 1.25.10
CVE-2026-27144 High stdlib (Go) 1.25.10
CVE-2026-39817 Medium stdlib (Go) 1.25.10
CVE-2026-27142 Medium stdlib (Go) 1.25.10
CVE-2026-39826 Medium stdlib (Go) 1.25.10
CVE-2026-39825 Medium stdlib (Go) 1.25.10
CVE-2026-32289 Medium stdlib (Go) 1.25.10
CVE-2026-39823 Medium stdlib (Go) 1.25.10
CVE-2026-32282 Medium stdlib (Go) 1.25.10
CVE-2026-39819 Medium stdlib (Go) 1.25.10
CVE-2026-32288 Medium stdlib (Go) 1.25.10
CVE-2026-27139 Low stdlib (Go) 1.25.10

Changes Made

  • Updated Go version from 1.25.6 to 1.25.10 in go.mod
  • Updated GO_VERSION environment variable to 1.25.10 in .github/workflows/ci.yml
  • Ran go mod tidy to update dependency checksums

References

Verification

  • Rescanned with cve-scan skill after fixes
  • All listed vulnerabilities resolved

@ulucinar
Pin Crossplane CLI to v2.3.0 from the stable channel
264c98a 
Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>
turkenf
turkenf approved these changes May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@turkenf turkenf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @ulucinar, LGTM.

@ulucinar ulucinar merged commit 548ae34 into release-0.12 May 22, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@turkenf turkenf turkenf approved these changes

@sergenyalcin sergenyalcin Awaiting requested review from sergenyalcin sergenyalcin is a code owner

@ezgidemirel ezgidemirel Awaiting requested review from ezgidemirel ezgidemirel is a code owner

@phisco phisco Awaiting requested review from phisco phisco is a code owner

@bobh66 bobh66 Awaiting requested review from bobh66 bobh66 is a code owner

@adamwg adamwg Awaiting requested review from adamwg adamwg is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ulucinar @turkenf