dev-af24b4a
Pre-release
Pre-release
π¦ release β v0.0.1-dev+af24b4a
Release type: prerelease β’ Commit:
af24b4a
Security: π‘οΈ β Critical β 3 critical and 45 high vulnerabilities detected
Image Availability
| Registry | Image | Tags |
|---|---|---|
| Docker Hub | docker.io/prplanit/polysieve |
dev-af24b4a latest-dev |
| cr.pcfae.com | cr.pcfae.com/prplanit/polysieve |
dev-af24b4a latest-dev |
Digest pull commands & supply chain artifacts
docker.io/prplanit/polysieve
docker pull docker.io/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583
cr.pcfae.com/prplanit/polysieve
docker pull cr.pcfae.com/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583
Downloads
| Platform | File | Size | SHA-256 |
|---|---|---|---|
linux/amd64 |
polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz |
1.3 MB | b69696c75c4d⦠|
linux/arm64 |
polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz |
1.2 MB | 00aa992bd35c⦠|
Full checksums
b69696c75c4dd35e05b33d58efe5dfeedfdb3dc7ffe555c3a739a36cbd9bed49 polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz
00aa992bd35c1540ce8f6cfc56c89f0810d55883d0c1447377718ae3ee74d287 polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz
Notable Changes
Features
- cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
- honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)
Documentation
- refresh generated docs and badges (stagefreight) Γ2
Security
π‘οΈ β Critical β 3 critical and 45 high vulnerabilities detected
Vulnerability details (3 critical, 45 high, 59 medium, 4 low)
| Severity | CVE | Package | Installed | Fixed | Description |
|---|---|---|---|---|---|
| Critical | CVE-2025-68121 | stdlib | v1.24.6 | 1.24.13, 1.25.7, 1.26.0-rc.3 | During session resumption in crypto/tls, if the underlyin... |
| Critical | GO-2026-4337 | stdlib | go1.24.6 | 1.24.13 | During session resumption in crypto/tls, if the underlyin... |
| Critical | CVE-2026-27143 | stdlib | go1.24.6 | 1.25.9 | Arithmetic over induction variables in loops were not cor... |
| High | CVE-2026-35469 | github.com/moby/spdystream | v0.5.0 | 0.5.1 | Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis... |
| High | CVE-2026-25681 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Arbitrary c... |
| High | CVE-2026-27136 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| High | CVE-2026-33814 | golang.org/x/net | v0.38.0 | 0.53.0 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39821 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri... |
| High | CVE-2025-61726 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | The net/url package does not set a limit on the number of... |
| High | CVE-2025-61729 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | crypto/x509: golang: Denial of Service due to excessive r... |
| High | CVE-2026-25679 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27145 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | crypto/x509: golang: golang crypto/x509: Denial of Servic... |
| High | CVE-2026-32280 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | During chain building, the amount of work that is done is... |
| High | CVE-2026-32281 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-32283 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | If one side of the TLS connection sends multiple key upda... |
| High | CVE-2026-33811 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | CVE-2026-33814 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/internal/http2: golang: golang.org/x/net: Go HTT... |
| High | CVE-2026-39820 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | CVE-2026-39822 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | On Unix systems, opening a file in an os.Root improperly ... |
| High | CVE-2026-39836 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | The Dial and LookupPort functions panic on Windows when p... |
| High | CVE-2026-42499 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | Pathological inputs could cause DoS through consumePhrase... |
| High | CVE-2026-42504 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | Decoding a maliciously-crafted MIME header containing man... |
| High | GO-2026-4341 | stdlib | go1.24.6 | 1.24.12 | The net/url package does not set a limit on the number of... |
| High | GO-2026-5037 | stdlib | go1.24.6 | 1.25.11 | (*x509.Certificate).VerifyHostname previously called matc... |
| High | GO-2026-4981 | stdlib | go1.24.6 | 1.25.10 | When using LookupCNAME with the cgo DNS resolver, a very ... |
| High | GO-2026-4977 | stdlib | go1.24.6 | 1.25.10 | Pathological inputs could cause DoS through consumePhrase... |
| High | GO-2026-4986 | stdlib | go1.24.6 | 1.25.10 | Well-crafted inputs reaching ParseAddress, ParseAddressLi... |
| High | GO-2026-4918 | golang.org/x/net | v0.38.0 | 0.53.0 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4918 | stdlib | go1.24.6 | 1.25.10 | When processing HTTP/2 SETTINGS frames, transport will en... |
| High | GO-2026-4601 | stdlib | go1.24.6 | 1.25.8 | url.Parse insufficiently validated the host/authority com... |
| High | CVE-2026-27140 | stdlib | go1.24.6 | 1.25.9 | SWIG file names containing 'cgo' and well-crafted payload... |
| High | GHSA-pc3f-x583-g7j2 | github.com/moby/spdystream | v0.5.0 | 0.5.1 | SpdyStream: DOS on CRI |
| High | GO-2025-4009 | stdlib | go1.24.6 | 1.24.8 | The processing time for parsing some invalid inputs scale... |
| High | GO-2026-4870 | stdlib | go1.24.6 | 1.25.9 | If one side of the TLS connection sends multiple key upda... |
| High | GO-2026-4947 | stdlib | go1.24.6 | 1.25.9 | During chain building, the amount of work that is done is... |
| High | GO-2025-4006 | stdlib | go1.24.6 | 1.24.8 | The ParseAddress function constructs domain-literal addre... |
| High | GO-2026-4971 | stdlib | go1.24.6 | 1.25.10 | The Dial and LookupPort functions panic on Windows when p... |
| High | GO-2026-5038 | stdlib | go1.24.6 | 1.25.11 | Decoding a maliciously-crafted MIME header containing man... |
| High | CVE-2025-61731 | stdlib | go1.24.6 | 1.24.12 | Building a malicious file with cmd/go can cause can cause... |
| High | GO-2026-5026 | golang.org/x/net | v0.38.0 | 0.55.0 | The ToASCII and ToUnicode functions incorrectly accept Pu... |
| High | CVE-2025-61732 | stdlib | go1.24.6 | 1.24.13 | A discrepancy between how Go and C/C++ comments were pars... |
| High | GO-2025-4155 | stdlib | go1.24.6 | 1.24.11 | Within HostnameError.Error(), when constructing an error ... |
| High | GO-2025-4007 | stdlib | go1.24.6 | 1.24.9 | Due to the design of the name constraint checking algorit... |
| High | GO-2025-4013 | stdlib | go1.24.6 | 1.24.8 | Validating certificate chains which contain DSA public ke... |
| High | GO-2026-4946 | stdlib | go1.24.6 | 1.25.9 | Validating certificate chains which use policies is unexp... |
| High | CVE-2026-27144 | stdlib | go1.24.6 | 1.25.9 | The compiler is meant to unwrap pointers which are the op... |
| High | CVE-2026-42501 | stdlib | go1.24.6 | 1.25.10 | A malicious module proxy can exploit a flaw in the go com... |
| High | GO-2026-4970 | stdlib | go1.24.6 | 1.25.12 | On Unix systems, opening a file in an os.Root improperly ... |
| Medium | CVE-2025-47911 | golang.org/x/net | v0.38.0 | 0.45.0 | golang.org/x/net/html: Quadratic parsing complexity in go... |
| Medium | CVE-2025-58190 | golang.org/x/net | v0.38.0 | 0.45.0 | golang.org/x/net/html: Infinite parsing loop in golang.or... |
| Medium | CVE-2026-25680 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Denial of S... |
| Medium | CVE-2026-42502 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang: golang.org/x/net/html: Cro... |
| Medium | CVE-2026-42506 | golang.org/x/net | v0.38.0 | 0.55.0 | golang.org/x/net/html: golang.org/x/net/html: Cross-Site ... |
| Medium | CVE-2025-13281 | k8s.io/kubernetes | v1.34.0 | 1.32.10, 1.33.6, 1.34.2 | kube-controller-manager: Portworx Half-Blind SSRF in kube... |
| Medium | CVE-2025-47912 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Parse function permits values other than IPv6 address... |
| Medium | CVE-2025-58183 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | tar.Reader does not set a maximum size on the number of s... |
| Medium | CVE-2025-58185 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Parsing a maliciously crafted DER payload could allocate ... |
| Medium | CVE-2025-58187 | stdlib | v1.24.6 | 1.24.9, 1.25.3 | Due to the design of the name constraint checking algorit... |
| Medium | CVE-2025-58188 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Validating certificate chains which contain DSA public ke... |
| Medium | CVE-2025-58189 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | When Conn.Handshake fails during ALPN negotiation the err... |
| Medium | CVE-2025-61723 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The processing time for parsing some invalid inputs scale... |
| Medium | CVE-2025-61724 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The Reader.ReadResponse function constructs a response st... |
| Medium | CVE-2025-61725 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | The ParseAddress function constructs domain-literal addre... |
| Medium | CVE-2025-61727 | stdlib | v1.24.6 | 1.24.11, 1.25.5 | An excluded subdomain constraint in a certificate chain d... |
| Medium | CVE-2025-61728 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | archive/zip uses a super-linear file name indexing algori... |
| Medium | CVE-2025-61730 | stdlib | v1.24.6 | 1.24.12, 1.25.6 | During the TLS 1.3 handshake if multiple messages are sen... |
| Medium | CVE-2026-27142 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | Actions which insert URLs into the content attribute of H... |
| Medium | CVE-2026-32282 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | On Linux, if the target of Root.Chmod is replaced with a ... |
| Medium | CVE-2026-32288 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | tar.Reader can allocate an unbounded amount of memory whe... |
| Medium | CVE-2026-32289 | stdlib | v1.24.6 | 1.25.9, 1.26.2 | html/template: golang: html/template: Cross-Site Scriptin... |
| Medium | CVE-2026-39823 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | html/template: golang: Go html/template: Cross-Site Scrip... |
| Medium | CVE-2026-39825 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | net/http/httputil: golang: net/http/httputil: ReverseProx... |
| Medium | CVE-2026-39826 | stdlib | v1.24.6 | 1.25.10, 1.26.3 | If a trusted template author were to write a <script> tag... |
| Medium | CVE-2026-42505 | stdlib | v1.24.6 | 1.25.12, 1.26.5, 1.27.0-rc.2 | Handshakes which used Encrypted Client Hello could be de-... |
| Medium | CVE-2026-42507 | stdlib | v1.24.6 | 1.25.11, 1.26.4 | When returning errors, functions in the net/textproto pac... |
| Medium | GO-2026-4342 | stdlib | go1.24.6 | 1.24.12 | archive/zip uses a super-linear file name indexing algori... |
| Medium | GO-2025-4012 | stdlib | go1.24.6 | 1.24.8 | Despite HTTP headers having a default limit of 1MB, the n... |
| Medium | GO-2025-4015 | stdlib | go1.24.6 | 1.24.8 | The Reader.ReadResponse function constructs a response st... |
| Medium | GO-2025-4011 | stdlib | go1.24.6 | 1.24.8 | Parsing a maliciously crafted DER payload could allocate ... |
| Medium | GO-2026-4440 | golang.org/x/net | v0.38.0 | 0.45.0 | The html.Parse function in golang.org/x/net/html has quad... |
| Medium | GO-2026-4441 | golang.org/x/net | v0.38.0 | 0.45.0 | The html.Parse function in golang.org/x/net/html has an i... |
| Medium | GO-2025-4008 | stdlib | go1.24.6 | 1.24.8 | When Conn.Handshake fails during ALPN negotiation the err... |
| Medium | GO-2025-4010 | stdlib | go1.24.6 | 1.24.8 | The Parse function permits values other than IPv6 address... |
| Medium | GO-2026-5856 | stdlib | go1.24.6 | 1.25.12 | Handshakes which used Encrypted Client Hello could be de-... |
| Medium | GO-2026-4980 | stdlib | go1.24.6 | 1.25.10 | If a trusted template author were to write a <script> tag... |
| Medium | GO-2026-4976 | stdlib | go1.24.6 | 1.25.10 | ReverseProxy can forward queries containing parameters no... |
| Medium | GHSA-r6j8-c6r2-37rr | k8s.io/kubernetes | v1.34.0 | 1.34.2 | kube-controller-manager is vulnerable to half-blind Serve... |
| Medium | GO-2025-4014 | stdlib | go1.24.6 | 1.24.8 | tar.Reader does not set a maximum size on the number of s... |
| Medium | GO-2026-5039 | stdlib | go1.24.6 | 1.25.11 | When returning errors, functions in the net/textproto pac... |
| Medium | GO-2026-4603 | stdlib | go1.24.6 | 1.25.8 | Actions which insert URLs into the content attribute of H... |
| Medium | GO-2026-4982 | stdlib | go1.24.6 | 1.25.10 | CVE-2026-27142 fixed a vulnerability in which URLs were n... |
| Medium | GO-2026-4864 | stdlib | go1.24.6 | 1.25.9 | On Linux, if the target of Root.Chmod is replaced with a ... |
| Medium | CVE-2025-60876 | busybox | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | busybox-binsh | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | CVE-2025-60876 | ssl_client | 1.37.0-r31 | β | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ... |
| Medium | GO-2026-4865 | stdlib | go1.24.6 | 1.25.9 | Context was not properly tracked across template branches... |
| Medium | GO-2025-4175 | stdlib | go1.24.6 | 1.24.11 | An excluded subdomain constraint in a certificate chain d... |
| Medium | GO-2026-4869 | stdlib | go1.24.6 | 1.25.9 | tar.Reader can allocate an unbounded amount of memory whe... |
| Medium | GHSA-5cv4-jp36-h3mw | golang.org/x/net | v0.38.0 | 0.55.0 | Go Net HTML parser is vulnerable to denial of service |
| Medium | GO-2026-5028 | golang.org/x/net | v0.38.0 | 0.55.0 | Parsing arbitrary HTML can consume excessive CPU time, po... |
| Medium | GO-2026-4340 | stdlib | go1.24.6 | 1.24.12 | During the TLS 1.3 handshake if multiple messages are sen... |
| Medium | GO-2026-5025 | golang.org/x/net | v0.38.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5027 | golang.org/x/net | v0.38.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5029 | golang.org/x/net | v0.38.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | GO-2026-5030 | golang.org/x/net | v0.38.0 | 0.55.0 | Parsing arbitrary HTML which is then rendered using Rende... |
| Medium | CVE-2026-39817 | stdlib | go1.24.6 | 1.25.10 | The "go tool pack" subcommand (usually used only by the c... |
| Medium | CVE-2026-39819 | stdlib | go1.24.6 | 1.25.10 | The "go bug" command writes to two files with predictable... |
| Low | CVE-2025-58186 | stdlib | v1.24.6 | 1.24.8, 1.25.2 | Despite HTTP headers having a default limit of 1MB, the n... |
| Low | CVE-2026-27139 | stdlib | v1.24.6 | 1.25.8, 1.26.1 | On Unix platforms, when listing the contents of a directo... |
| Low | GO-2026-4602 | stdlib | go1.24.6 | 1.25.8 | On Unix platforms, when listing the contents of a directo... |
| Low | GO-2026-5024 | golang.org/x/sys | v0.31.0 | 0.44.0 | NewNTUnicodeString does not check for string length overf... |
Full changelog
- [
af24b4a] best-effort live-cluster augmentation for blind backends (SoFMeRight) - [
9c8bcc3] refresh generated docs and badges (stagefreight) - [
c154158] never prune a port PolySieve cannot account for (SoFMeRight) - [
392598d] refresh generated docs and badges (stagefreight)