8000 update to go1.24.7 by vvoland · Pull Request #50889 · moby/moby · GitHub
[go: up one dir, main page]
Skip to content

update to go1.24.7 #50889

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2025
Merged

update to go1.24.7 #50889

merged 1 commit into from
Sep 3, 2025
+15 −15

Conversation

vvoland
Copy link
Contributor
@vvoland vvoland commented Sep 3, 2025

This includes 1 security fix:

  • net/http: CrossOriginProtection bypass patterns are over-broad

    When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
    requests that would have redirected to those patterns (e.g. without a trailing
    slash) were also exempted, which might be unexpected.

    Thanks to Marco Gazerro for reporting this issue.

    This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7

- What I did

- How I did it

- How to verify it

- Human readable description for the release notes

Update Go runtime to 1.24.7

- A picture of a cute animal (not mandatory but encouraged)

@vvoland
update to go1.24.7
30406d4 
This includes 1 security fix:

- net/http: CrossOriginProtection bypass patterns are over-broad

    When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
    requests that would have redirected to those patterns (e.g. without a trailing
    slash) were also exempted, which might be unexpected.

    Thanks to Marco Gazerro for reporting this issue.

    This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland added this to the 29.0.0 milestone Sep 3, 2025
@vvoland vvoland self-assigned this Sep 3, 2025
@vvoland vvoland requested a review from tianon as a code owner September 3, 2025 18:33
@vvoland vvoland mentioned this pull request Sep 3, 2025
Merged
thaJeztah
thaJeztah approved these changes Sep 3, 2025
View reviewed changes
Copy link
Member
@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vvoland vvoland closed this Sep 3, 2025
@vvoland vvoland reopened this Sep 3, 2025
@vvoland vvoland added the kind/bugfix PR's that fix bugs label Sep 3, 2025
@vvoland vvoland merged commit ac2d830 into moby:master Sep 3, 2025
247 of 298 checks passed
@dmcgowan dmcgowan mentioned this pull request Sep 5, 2025
Merged
@jtgasper3 jtgasper3 mentioned this pull request Sep 27, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@tianon tianon Awaiting requested review from tianon tianon is a code owner

Assignees

@vvoland vvoland

Labels
area/dependencies area/security impact/changelog kind/bugfix PR's that fix bugs process/cherry-picked
Projects
None yet
Milestone
29.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@vvoland @thaJeztah
0