@djshow832
Collaborator

What problem does this PR solve?

Issue Number: close #1078

Problem Summary:

Target: `usr/bin/tiproxy` (gobinary) (7 vulnerabilities)
[MEDIUM] Risk Library: golang.org/x/crypto Installed: `v0.40.0`
[CVE-2025-47914](https://nvd.nist.gov/vuln/detail/CVE-2025-47914) - MEDIUM - Fixed: `0.45.0`
[CVE-2025-58181](https://nvd.nist.gov/vuln/detail/CVE-2025-58181) - MEDIUM - Fixed: `0.45.0`
[UNKNOWN] Risk Library: stdlib Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

Target: `usr/bin/tiproxyctl` (gobinary) (3 vulnerabilities)
[UNKNOWN] Risk Library: stdlib Installed: `v1.25.5`
[CVE-2025-61726](https://nvd.nist.gov/vuln/detail/CVE-2025-61726) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61728](https://nvd.nist.gov/vuln/detail/CVE-2025-61728) - UNKNOWN - Fixed: `1.24.12, 1.25.6`
[CVE-2025-61730](https://nvd.nist.gov/vuln/detail/CVE-2025-61730) - UNKNOWN - Fixed: `1.24.12, 1.25.6`

What is changed and how it works:
Upgrade Go to v1.25.6 and upgrade golang.org/x/crypto to latest.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Notable changes

  • Has configuration change
  • Has HTTP API interfaces change
  • Has tiproxyctl change
  • Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None

@ti-chi-bot ti-chi-bot bot requested review from bb7133 and xhebox February 4, 2026 12:26
@ti-chi-bot

ti-chi-bot bot commented Feb 4, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign djshow832 for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wuhuizuo

wuhuizuo commented Feb 4, 2026

/test pull-check pull-unit-test pull-build

@djshow832
Collaborator Author

/retest

@djshow832
Collaborator Author

/retest

@djshow832
Collaborator Author

refer to #1080

@djshow832 djshow832 closed this Feb 6, 2026

Development

Successfully merging this pull request may close these issues.

upgrade go to v1.25.6
