request #44864 Go: temporarily ignore CVE-2025-47910

Infos

Artifact ID#44864

Submitted byJoris MASSON (jmasson)

Last Modified On2025-10-09 14:49

Submitted on2025-09-25 11:14

Rank46583

Details

Summary *

Go: temporarily ignore CVE-2025-47910

Original Submission

Security Advisory: https://pkg.go.dev/vuln/GO-2025-3955

There is no security impact for Tuleap, because we do not use AddInsecureBypassPattern in http.CrossOriginProtection. We can temporarily ignore this and upgrade to a fixed Go version later.

CategoryDependencies

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toJoris MASSON (jmasson)

StatusClosed

Close date2025-09-25

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #44864

Git commit

tuleap/tuleap/stable

chore: request #44864 Go: temporarily ignore CVE-2025-47910 52497d5043

Joris MASSON (jmasson) , 2025-09-25 11:16

Merge commit '52497d50431131c86da3f8225b1aaaa1381e66d3' into HEAD 711b4e0c36

Clarck Robinson (robinsoc) , 2025-09-25 12:04

Show items referenced by request #44864

Referenced by request #44864

Artifact Tracker v5

rel #44427 16.13

Git commit

tuleap/tuleap/stable

chore: request #44864 Go: temporarily ignore CVE-2025-47910 52497d5043

Joris MASSON (jmasson) , 2025-09-25 11:16

Other

gerrit #35684

Follow-ups

Manuel Vacelet (vaceletm)

2025-10-09 14:49

Connected artifacts
- Added Fixed in: rel #44427

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-09-25 12:04

Closed by @jmasson with git #tuleap/stable/52497d50431131c86da3f8225b1aaaa1381e66d3.

Status changed from Under review to Closed
Close date set to 2025-09-25

Joris MASSON (jmasson)

2025-09-25 11:18

See gerrit #35684

Status changed from Under implementation to Under review

Public

Referencing request #44864

Git commit

tuleap/tuleap/stable

Referenced by request #44864

Artifact Tracker v5

Git commit

tuleap/tuleap/stable

Other

Follow-ups