Skip to content

dev-af24b4a

Pre-release
Pre-release

Choose a tag to compare

@SoFMeRight SoFMeRight released this 15 Jul 04:36

πŸ“¦ release β€” v0.0.1-dev+af24b4a

Release type: prerelease β€’ Commit: af24b4a

Security: πŸ›‘οΈ ❌ Critical β€” 3 critical and 45 high vulnerabilities detected

Image Availability

Registry Image Tags
Docker Hub docker.io/prplanit/polysieve dev-af24b4a latest-dev
cr.pcfae.com cr.pcfae.com/prplanit/polysieve dev-af24b4a latest-dev
Digest pull commands & supply chain artifacts

docker.io/prplanit/polysieve

docker pull docker.io/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583

cr.pcfae.com/prplanit/polysieve

docker pull cr.pcfae.com/prplanit/polysieve@sha256:8e47398226e75fc4a22f471ffdee402818131084a45f9364da9ff14f5182f583

Downloads

Platform File Size SHA-256
linux/amd64 polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz 1.3 MB b69696c75c4d…
linux/arm64 polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz 1.2 MB 00aa992bd35c…
Full checksums
b69696c75c4dd35e05b33d58efe5dfeedfdb3dc7ffe555c3a739a36cbd9bed49  polysieve-0.0.1-dev+af24b4a-linux-amd64.tar.gz
00aa992bd35c1540ce8f6cfc56c89f0810d55883d0c1447377718ae3ee74d287  polysieve-0.0.1-dev+af24b4a-linux-arm64.tar.gz

Notable Changes

Features

  • cluster: best-effort live-cluster augmentation for blind backends (SoFMeRight)
  • honesty-gate: never prune a port PolySieve cannot account for (SoFMeRight)

Documentation

  • refresh generated docs and badges (stagefreight) Γ—2

Security

πŸ›‘οΈ ❌ Critical β€” 3 critical and 45 high vulnerabilities detected

Vulnerability details (3 critical, 45 high, 59 medium, 4 low)
Severity CVE Package Installed Fixed Description
Critical CVE-2025-68121 stdlib v1.24.6 1.24.13, 1.25.7, 1.26.0-rc.3 During session resumption in crypto/tls, if the underlyin...
Critical GO-2026-4337 stdlib go1.24.6 1.24.13 During session resumption in crypto/tls, if the underlyin...
Critical CVE-2026-27143 stdlib go1.24.6 1.25.9 Arithmetic over induction variables in loops were not cor...
High CVE-2026-35469 github.com/moby/spdystream v0.5.0 0.5.1 Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apis...
High CVE-2026-25681 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Arbitrary c...
High CVE-2026-27136 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
High CVE-2026-33814 golang.org/x/net v0.38.0 0.53.0 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39821 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/idna: golang: golang.org/x/net/idna: Pri...
High CVE-2025-61726 stdlib v1.24.6 1.24.12, 1.25.6 The net/url package does not set a limit on the number of...
High CVE-2025-61729 stdlib v1.24.6 1.24.11, 1.25.5 crypto/x509: golang: Denial of Service due to excessive r...
High CVE-2026-25679 stdlib v1.24.6 1.25.8, 1.26.1 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27145 stdlib v1.24.6 1.25.11, 1.26.4 crypto/x509: golang: golang crypto/x509: Denial of Servic...
High CVE-2026-32280 stdlib v1.24.6 1.25.9, 1.26.2 During chain building, the amount of work that is done is...
High CVE-2026-32281 stdlib v1.24.6 1.25.9, 1.26.2 Validating certificate chains which use policies is unexp...
High CVE-2026-32283 stdlib v1.24.6 1.25.9, 1.26.2 If one side of the TLS connection sends multiple key upda...
High CVE-2026-33811 stdlib v1.24.6 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very ...
High CVE-2026-33814 stdlib v1.24.6 1.25.10, 1.26.3 net/http/internal/http2: golang: golang.org/x/net: Go HTT...
High CVE-2026-39820 stdlib v1.24.6 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High CVE-2026-39822 stdlib v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 On Unix systems, opening a file in an os.Root improperly ...
High CVE-2026-39836 stdlib v1.24.6 1.25.10, 1.26.3 The Dial and LookupPort functions panic on Windows when p...
High CVE-2026-42499 stdlib v1.24.6 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase...
High CVE-2026-42504 stdlib v1.24.6 1.25.11, 1.26.4 Decoding a maliciously-crafted MIME header containing man...
High GO-2026-4341 stdlib go1.24.6 1.24.12 The net/url package does not set a limit on the number of...
High GO-2026-5037 stdlib go1.24.6 1.25.11 (*x509.Certificate).VerifyHostname previously called matc...
High GO-2026-4981 stdlib go1.24.6 1.25.10 When using LookupCNAME with the cgo DNS resolver, a very ...
High GO-2026-4977 stdlib go1.24.6 1.25.10 Pathological inputs could cause DoS through consumePhrase...
High GO-2026-4986 stdlib go1.24.6 1.25.10 Well-crafted inputs reaching ParseAddress, ParseAddressLi...
High GO-2026-4918 golang.org/x/net v0.38.0 0.53.0 When processing HTTP/2 SETTINGS frames, transport will en...
High GO-2026-4918 stdlib go1.24.6 1.25.10 When processing HTTP/2 SETTINGS frames, transport will en...
High GO-2026-4601 stdlib go1.24.6 1.25.8 url.Parse insufficiently validated the host/authority com...
High CVE-2026-27140 stdlib go1.24.6 1.25.9 SWIG file names containing 'cgo' and well-crafted payload...
High GHSA-pc3f-x583-g7j2 github.com/moby/spdystream v0.5.0 0.5.1 SpdyStream: DOS on CRI
High GO-2025-4009 stdlib go1.24.6 1.24.8 The processing time for parsing some invalid inputs scale...
High GO-2026-4870 stdlib go1.24.6 1.25.9 If one side of the TLS connection sends multiple key upda...
High GO-2026-4947 stdlib go1.24.6 1.25.9 During chain building, the amount of work that is done is...
High GO-2025-4006 stdlib go1.24.6 1.24.8 The ParseAddress function constructs domain-literal addre...
High GO-2026-4971 stdlib go1.24.6 1.25.10 The Dial and LookupPort functions panic on Windows when p...
High GO-2026-5038 stdlib go1.24.6 1.25.11 Decoding a maliciously-crafted MIME header containing man...
High CVE-2025-61731 stdlib go1.24.6 1.24.12 Building a malicious file with cmd/go can cause can cause...
High GO-2026-5026 golang.org/x/net v0.38.0 0.55.0 The ToASCII and ToUnicode functions incorrectly accept Pu...
High CVE-2025-61732 stdlib go1.24.6 1.24.13 A discrepancy between how Go and C/C++ comments were pars...
High GO-2025-4155 stdlib go1.24.6 1.24.11 Within HostnameError.Error(), when constructing an error ...
High GO-2025-4007 stdlib go1.24.6 1.24.9 Due to the design of the name constraint checking algorit...
High GO-2025-4013 stdlib go1.24.6 1.24.8 Validating certificate chains which contain DSA public ke...
High GO-2026-4946 stdlib go1.24.6 1.25.9 Validating certificate chains which use policies is unexp...
High CVE-2026-27144 stdlib go1.24.6 1.25.9 The compiler is meant to unwrap pointers which are the op...
High CVE-2026-42501 stdlib go1.24.6 1.25.10 A malicious module proxy can exploit a flaw in the go com...
High GO-2026-4970 stdlib go1.24.6 1.25.12 On Unix systems, opening a file in an os.Root improperly ...
Medium CVE-2025-47911 golang.org/x/net v0.38.0 0.45.0 golang.org/x/net/html: Quadratic parsing complexity in go...
Medium CVE-2025-58190 golang.org/x/net v0.38.0 0.45.0 golang.org/x/net/html: Infinite parsing loop in golang.or...
Medium CVE-2026-25680 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Denial of S...
Medium CVE-2026-42502 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang: golang.org/x/net/html: Cro...
Medium CVE-2026-42506 golang.org/x/net v0.38.0 0.55.0 golang.org/x/net/html: golang.org/x/net/html: Cross-Site ...
Medium CVE-2025-13281 k8s.io/kubernetes v1.34.0 1.32.10, 1.33.6, 1.34.2 kube-controller-manager: Portworx Half-Blind SSRF in kube...
Medium CVE-2025-47912 stdlib v1.24.6 1.24.8, 1.25.2 The Parse function permits values other than IPv6 address...
Medium CVE-2025-58183 stdlib v1.24.6 1.24.8, 1.25.2 tar.Reader does not set a maximum size on the number of s...
Medium CVE-2025-58185 stdlib v1.24.6 1.24.8, 1.25.2 Parsing a maliciously crafted DER payload could allocate ...
Medium CVE-2025-58187 stdlib v1.24.6 1.24.9, 1.25.3 Due to the design of the name constraint checking algorit...
Medium CVE-2025-58188 stdlib v1.24.6 1.24.8, 1.25.2 Validating certificate chains which contain DSA public ke...
Medium CVE-2025-58189 stdlib v1.24.6 1.24.8, 1.25.2 When Conn.Handshake fails during ALPN negotiation the err...
Medium CVE-2025-61723 stdlib v1.24.6 1.24.8, 1.25.2 The processing time for parsing some invalid inputs scale...
Medium CVE-2025-61724 stdlib v1.24.6 1.24.8, 1.25.2 The Reader.ReadResponse function constructs a response st...
Medium CVE-2025-61725 stdlib v1.24.6 1.24.8, 1.25.2 The ParseAddress function constructs domain-literal addre...
Medium CVE-2025-61727 stdlib v1.24.6 1.24.11, 1.25.5 An excluded subdomain constraint in a certificate chain d...
Medium CVE-2025-61728 stdlib v1.24.6 1.24.12, 1.25.6 archive/zip uses a super-linear file name indexing algori...
Medium CVE-2025-61730 stdlib v1.24.6 1.24.12, 1.25.6 During the TLS 1.3 handshake if multiple messages are sen...
Medium CVE-2026-27142 stdlib v1.24.6 1.25.8, 1.26.1 Actions which insert URLs into the content attribute of H...
Medium CVE-2026-32282 stdlib v1.24.6 1.25.9, 1.26.2 On Linux, if the target of Root.Chmod is replaced with a ...
Medium CVE-2026-32288 stdlib v1.24.6 1.25.9, 1.26.2 tar.Reader can allocate an unbounded amount of memory whe...
Medium CVE-2026-32289 stdlib v1.24.6 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scriptin...
Medium CVE-2026-39823 stdlib v1.24.6 1.25.10, 1.26.3 html/template: golang: Go html/template: Cross-Site Scrip...
Medium CVE-2026-39825 stdlib v1.24.6 1.25.10, 1.26.3 net/http/httputil: golang: net/http/httputil: ReverseProx...
Medium CVE-2026-39826 stdlib v1.24.6 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag...
Medium CVE-2026-42505 stdlib v1.24.6 1.25.12, 1.26.5, 1.27.0-rc.2 Handshakes which used Encrypted Client Hello could be de-...
Medium CVE-2026-42507 stdlib v1.24.6 1.25.11, 1.26.4 When returning errors, functions in the net/textproto pac...
Medium GO-2026-4342 stdlib go1.24.6 1.24.12 archive/zip uses a super-linear file name indexing algori...
Medium GO-2025-4012 stdlib go1.24.6 1.24.8 Despite HTTP headers having a default limit of 1MB, the n...
Medium GO-2025-4015 stdlib go1.24.6 1.24.8 The Reader.ReadResponse function constructs a response st...
Medium GO-2025-4011 stdlib go1.24.6 1.24.8 Parsing a maliciously crafted DER payload could allocate ...
Medium GO-2026-4440 golang.org/x/net v0.38.0 0.45.0 The html.Parse function in golang.org/x/net/html has quad...
Medium GO-2026-4441 golang.org/x/net v0.38.0 0.45.0 The html.Parse function in golang.org/x/net/html has an i...
Medium GO-2025-4008 stdlib go1.24.6 1.24.8 When Conn.Handshake fails during ALPN negotiation the err...
Medium GO-2025-4010 stdlib go1.24.6 1.24.8 The Parse function permits values other than IPv6 address...
Medium GO-2026-5856 stdlib go1.24.6 1.25.12 Handshakes which used Encrypted Client Hello could be de-...
Medium GO-2026-4980 stdlib go1.24.6 1.25.10 If a trusted template author were to write a <script> tag...
Medium GO-2026-4976 stdlib go1.24.6 1.25.10 ReverseProxy can forward queries containing parameters no...
Medium GHSA-r6j8-c6r2-37rr k8s.io/kubernetes v1.34.0 1.34.2 kube-controller-manager is vulnerable to half-blind Serve...
Medium GO-2025-4014 stdlib go1.24.6 1.24.8 tar.Reader does not set a maximum size on the number of s...
Medium GO-2026-5039 stdlib go1.24.6 1.25.11 When returning errors, functions in the net/textproto pac...
Medium GO-2026-4603 stdlib go1.24.6 1.25.8 Actions which insert URLs into the content attribute of H...
Medium GO-2026-4982 stdlib go1.24.6 1.25.10 CVE-2026-27142 fixed a vulnerability in which URLs were n...
Medium GO-2026-4864 stdlib go1.24.6 1.25.9 On Linux, if the target of Root.Chmod is replaced with a ...
Medium CVE-2025-60876 busybox 1.37.0-r31 β€” BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 busybox-binsh 1.37.0-r31 β€” BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium CVE-2025-60876 ssl_client 1.37.0-r31 β€” BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) ...
Medium GO-2026-4865 stdlib go1.24.6 1.25.9 Context was not properly tracked across template branches...
Medium GO-2025-4175 stdlib go1.24.6 1.24.11 An excluded subdomain constraint in a certificate chain d...
Medium GO-2026-4869 stdlib go1.24.6 1.25.9 tar.Reader can allocate an unbounded amount of memory whe...
Medium GHSA-5cv4-jp36-h3mw golang.org/x/net v0.38.0 0.55.0 Go Net HTML parser is vulnerable to denial of service
Medium GO-2026-5028 golang.org/x/net v0.38.0 0.55.0 Parsing arbitrary HTML can consume excessive CPU time, po...
Medium GO-2026-4340 stdlib go1.24.6 1.24.12 During the TLS 1.3 handshake if multiple messages are sen...
Medium GO-2026-5025 golang.org/x/net v0.38.0 0.55.0 Parsing arbitrary HTML which is then rendered using Rende...
Medium GO-2026-5027 golang.org/x/net v0.38.0 0.55.0 Parsing arbitrary HTML which is then rendered using Rende...
Medium GO-2026-5029 golang.org/x/net v0.38.0 0.55.0 Parsing arbitrary HTML which is then rendered using Rende...
Medium GO-2026-5030 golang.org/x/net v0.38.0 0.55.0 Parsing arbitrary HTML which is then rendered using Rende...
Medium CVE-2026-39817 stdlib go1.24.6 1.25.10 The "go tool pack" subcommand (usually used only by the c...
Medium CVE-2026-39819 stdlib go1.24.6 1.25.10 The "go bug" command writes to two files with predictable...
Low CVE-2025-58186 stdlib v1.24.6 1.24.8, 1.25.2 Despite HTTP headers having a default limit of 1MB, the n...
Low CVE-2026-27139 stdlib v1.24.6 1.25.8, 1.26.1 On Unix platforms, when listing the contents of a directo...
Low GO-2026-4602 stdlib go1.24.6 1.25.8 On Unix platforms, when listing the contents of a directo...
Low GO-2026-5024 golang.org/x/sys v0.31.0 0.44.0 NewNTUnicodeString does not check for string length overf...
---
Full changelog
  • [af24b4a] best-effort live-cluster augmentation for blind backends (SoFMeRight)
  • [9c8bcc3] refresh generated docs and badges (stagefreight)
  • [c154158] never prune a port PolySieve cannot account for (SoFMeRight)
  • [392598d] refresh generated docs and badges (stagefreight)