From 2c1d3f939b505b0a152e5dd2e967099b595910b6 Mon Sep 17 00:00:00 2001 From: Rein Krul Date: Fri, 10 Apr 2026 14:59:32 +0200 Subject: [PATCH] Upgrade Go to 1.26.2 to fix stdlib CVEs (v6.2.2) Fixes GO-2026-4865 (html/template XSS), GO-2026-4866 (crypto/x509 auth bypass), GO-2026-4869 (archive/tar DoS), GO-2026-4870 (crypto/tls DoS), GO-2026-4946 (crypto/x509 DoS) Co-Authored-By: Claude Sonnet 4.6 --- Dockerfile | 2 +- docs/pages/release_notes.rst | 10 ++++++++++ go.mod | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5ce0e9125..8c49e7018 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # golang alpine -FROM golang:1.26.1-alpine AS builder +FROM golang:1.26.2-alpine AS builder ARG TARGETARCH ARG TARGETOS diff --git a/docs/pages/release_notes.rst b/docs/pages/release_notes.rst index 1d788416f..4ae59236d 100644 --- a/docs/pages/release_notes.rst +++ b/docs/pages/release_notes.rst @@ -2,6 +2,16 @@ Release notes ############# +**************** +Peanut (v6.2.2) +**************** + +Release date: 2026-04-10 + +- Upgrade Go to 1.26.2 to fix GO-2026-4865 (html/template XSS), GO-2026-4866 (crypto/x509 auth bypass), GO-2026-4869 (archive/tar DoS), GO-2026-4870 (crypto/tls DoS), GO-2026-4946 (crypto/x509 DoS) + +**Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v6.2.1...v6.2.2 + **************** Peanut (v6.2.1) **************** diff --git a/go.mod b/go.mod index ace858f27..311354886 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/nuts-foundation/nuts-node // This is the minimal version, the actual go version is determined by the images in the Dockerfile // This version is used in automated tests such as the 'Scheduled govulncheck' action -go 1.26.1 +go 1.26.2 require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0