From 4a08133049f501652b38b5252c7ee409795db31c Mon Sep 17 00:00:00 2001
From: Rein Krul <info@reinkrul.nl>
Date: Fri, 10 Apr 2026 15:00:13 +0200
Subject: [PATCH 1/2] Upgrade Go to 1.26.2 to fix stdlib CVEs (v5.4.30)

Fixes GO-2026-4865 (html/template XSS), GO-2026-4866 (crypto/x509 auth bypass),
GO-2026-4869 (archive/tar DoS), GO-2026-4870 (crypto/tls DoS), GO-2026-4946 (crypto/x509 DoS)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile                   |  2 +-
 docs/pages/release_notes.rst | 10 ++++++++++
 go.mod                       |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6fb34bf3c..fa7040160 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # golang alpine
-FROM golang:1.26.1-alpine AS builder
+FROM golang:1.26.2-alpine AS builder
 
 ARG TARGETARCH
 ARG TARGETOS
diff --git a/docs/pages/release_notes.rst b/docs/pages/release_notes.rst
index 2bf298250..d32807198 100644
--- a/docs/pages/release_notes.rst
+++ b/docs/pages/release_notes.rst
@@ -3,6 +3,16 @@
 Release notes
 #############
 
+*************************
+Hazelnut update (v5.4.30)
+*************************
+
+Release date: 2026-04-10
+
+- Upgrade Go to 1.26.2 to fix GO-2026-4865 (html/template XSS), GO-2026-4866 (crypto/x509 auth bypass), GO-2026-4869 (archive/tar DoS), GO-2026-4870 (crypto/tls DoS), GO-2026-4946 (crypto/x509 DoS)
+
+**Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v5.4.29...v5.4.30
+
 *************************
 Hazelnut update (v5.4.29)
 *************************
diff --git a/go.mod b/go.mod
index b17fa12f6..0c02fcbe6 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/nuts-foundation/nuts-node
 
 // This is the minimal version, the actual go version is determined by the images in the Dockerfile
 // This version is used in automated tests such as the 'Scheduled govulncheck' action
-go 1.26.1
+go 1.26.2
 
 require (
 	github.com/alicebob/miniredis/v2 v2.34.0

From d47a5262170e7cdd5d3f3344834080cad56eeedb Mon Sep 17 00:00:00 2001
From: Rein Krul <info@reinkrul.nl>
Date: Fri, 10 Apr 2026 15:45:59 +0200
Subject: [PATCH 2/2] Fix CircleCI Go image version to 1.26.2

---
 .circleci/config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 535f67229..5e6069895 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
   build:
     parallelism: 8
     docker:
-      - image: cimg/go:1.26.1
+      - image: cimg/go:1.26.2
     steps:
       - checkout
 
@@ -37,7 +37,7 @@ jobs:
 
   report:
     docker:
-      - image: cimg/go:1.26.1
+      - image: cimg/go:1.26.2
     steps:
       - checkout
       - attach_workspace: