Skip to content

fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 #2002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
coderzc merged 1 commit into from
Feb 10, 2026
Merged

fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 #2002

coderzc merged 1 commit into from
Feb 10, 2026

Conversation

@coderzc
Copy link
Member

@coderzc coderzc commented Feb 10, 2026

Summary

Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity vulnerability CVE-2025-68121 in crypto/tls session resumption.

Vulnerability Details

  • CVE: CVE-2025-68121
  • Severity: HIGH
  • Affected Version: Go 1.25.6
  • Fixed Version: Go 1.25.7 (also 1.24.13, 1.26.0-rc.3)
  • Title: During session resumption in crypto/tls, if the underlying Config has...

Changes

  • go.mod: Upgrade go directive from 1.25.6 to 1.25.7

Testing

  • go mod tidy executed successfully

@coderzc
fix: upgrade Go to 1.25.7 to fix CVE-2025-68121
f5410c0 
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity
vulnerability CVE-2025-68121 in crypto/tls session resumption.

Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3
@github-actions
Copy link

github-actions bot commented Feb 10, 2026

@coderzc:Thanks for your contribution. For this PR, do we need to update docs?
(The PR template contains info about doc, which helps others know more about the changes. Can you provide doc-related info in this and future PR descriptions? Thanks)

@github-actions github-actions bot added the doc-info-missing This pr needs to mark a document option in description label Feb 10, 2026
@coderzc coderzc merged commit ae25e7d into master Feb 10, 2026
11 checks passed
@coderzc coderzc deleted the fix/cve-2025-68121 branch February 10, 2026 09:02
coderzc added a commit that referenced this pull request Feb 10, 2026
@coderzc
fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
413a5e6 
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity
vulnerability CVE-2025-68121 in crypto/tls session resumption.

Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3

(cherry picked from commit ae25e7d)
coderzc added a commit that referenced this pull request Feb 10, 2026
@coderzc
fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
904a328 
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity
vulnerability CVE-2025-68121 in crypto/tls session resumption.

Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3

(cherry picked from commit ae25e7d)
coderzc added a commit that referenced this pull request Feb 10, 2026
@coderzc
fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
f63cbec 
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity
vulnerability CVE-2025-68121 in crypto/tls session resumption.

Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3

(cherry picked from commit ae25e7d)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Technoboy- Technoboy- Technoboy- approved these changes

@shibd shibd shibd approved these changes

@mattisonchao mattisonchao mattisonchao approved these changes

@zymap zymap Awaiting requested review from zymap zymap is a code owner

@nlu90 nlu90 Awaiting requested review from nlu90 nlu90 is a code owner

Assignees

@coderzc coderzc

Labels

cherry-picked/branch-4.0 cherry-picked/branch-4.1 doc-info-missing This pr needs to mark a document option in description

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@coderzc @Technoboy- @shibd @mattisonchao