Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #42638 golang.org/x/net bump to 0.39.0
    Actions
    Infos
    #42638
    Martin GOYOT (goyotm)
    2025-04-17 13:24
    2025-04-17 11:41
    44313
    Details
    golang.org/x/net bump to 0.39.0

    Fixes CVE-2025-22872, see https://pkg.go.dev/vuln/GO-2025-3595

    golang.org/x/net/html used in:

    • tuleap-mercure
    • pre-receive-tuleap-git-repo-validation
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Martin GOYOT (goyotm)
    Closed
    2025-04-17
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #41832 Tuleap Releases 16.7 Delivered 2025-04-23 15:25 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #42638

    Git commit

    tuleap/tuleap/stable

    chore: request #42638 golang.org/x/net bump to 0.39.0 24a228874e
    User avatar Martin GOYOT (goyotm) , 2025-04-17 12:13
    Merge 'gerrit #34216' into stable/master 60e52e30f7
    User avatar Thomas Gerbet (tgerbet) , 2025-04-17 13:23
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2025-04-17 12:00

    No security impact, we do not expose HTML content from these and we do not trust it to do any kind of manipulation or sanitization that could use the impacted sections.