request #45254 Go: 1.25.1 -> 1.25.3

Infos

Artifact ID#45254

Submitted byJoris MASSON (jmasson)

Last Modified On2025-10-31 10:27

Submitted on2025-10-30 18:01

Rank46971

Details

Summary *

Go: 1.25.1 -> 1.25.3

Original Submission

Security advisories:

CVE-2025-61725: https://pkg.go.dev/vuln/GO-2025-4006
CVE-2025-58187: https://pkg.go.dev/vuln/GO-2025-4007
CVE-2025-58189: https://pkg.go.dev/vuln/GO-2025-4008
CVE-2025-61723: https://pkg.go.dev/vuln/GO-2025-4009
CVE-2025-47912: https://pkg.go.dev/vuln/GO-2025-4010
CVE-2025-58185: https://pkg.go.dev/vuln/GO-2025-4011
CVE-2025-58186: https://pkg.go.dev/vuln/GO-2025-4012
CVE-2025-58188: https://pkg.go.dev/vuln/GO-2025-4013
CVE-2025-58183: https://pkg.go.dev/vuln/GO-2025-4014
CVE-2025-61724: https://pkg.go.dev/vuln/GO-2025-4015

https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI

CategoryDependencies

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2025-10-31

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #45254

Git commit

tuleap/tuleap/stable

chore: request #45254 Go: 1.25.1 -> 1.25.3 19c356759a

Thomas Gerbet (tgerbet) , 2025-10-31 09:43

Merge commit 'refs/changes/80/36080/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD d3e0cf8ee6

Joris MASSON (jmasson) , 2025-10-31 10:26

Show items referenced by request #45254

Referenced by request #45254

Artifact Tracker v5

rel #44428 17.0

Git commit

tuleap/tuleap/stable

chore: request #45254 Go: 1.25.1 -> 1.25.3 19c356759a

Thomas Gerbet (tgerbet) , 2025-10-31 09:43

Other

Follow-ups

Joris MASSON (jmasson)

2025-10-31 10:27

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes
Connected artifacts
- Added Fixed in: rel #44428

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-10-31 10:26

Closed by @tgerbet with git #tuleap/stable/19c356759a4f87491d9db5ecef3363d8da38deb8.

Status changed from Under review to Closed
Close date set to 2025-10-31

Thomas Gerbet (tgerbet)

2025-10-31 09:43

See gerrit #36080

Summary
-Go: ~~temporarily ignore 10 vulns~~
+Go: 1.25.1 -> 1.25.3
Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes
Status changed from Under implementation to Under review

Thomas Gerbet (tgerbet)

2025-10-31 08:50

I have a doubt on CVE-2025-47912, we might possibly be impacted in Smokescreen.

The other issues are not really a concern in our usages, nothing is directly exposed.

Checking, for once it might be easier to move our whole toolchain to Go 1.25.3.

Joris MASSON (jmasson)

2025-10-30 18:05

See gerrit #36074