Skip to content

chore(core): CVE mitigation 08-04-2026#2196

Merged
LopatinDmitr merged 1 commit intomainfrom
chore/core/cve-mitigation
Apr 9, 2026
Merged

chore(core): CVE mitigation 08-04-2026#2196
LopatinDmitr merged 1 commit intomainfrom
chore/core/cve-mitigation

Conversation

@LopatinDmitr
Copy link
Copy Markdown
Contributor

@LopatinDmitr LopatinDmitr commented Apr 8, 2026
edited
Loading

Description

  • Fix CVE-2026-32280 Unexpected work during chain building in crypto/x509
  • Fix CVE-2026-32281 Inefficient policy validation in crypto/x509
  • Fix CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix...
  • Fix CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS..
  • Fix CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
  • Fix CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: core
type: fix
summary: Fixed vulnerabilities CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289

@LopatinDmitr
chore(core): cve mitigation
7b637b6 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr added this to the v1.8.0 milestone Apr 8, 2026
@LopatinDmitr LopatinDmitr marked this pull request as ready for review April 8, 2026 16:48
@LopatinDmitr LopatinDmitr changed the title chore(core): cve mitigation 08-04-2026 chore(core): CVE mitigation 08-04-2026 Apr 8, 2026
@LopatinDmitr LopatinDmitr merged commit c8bbfeb into main Apr 9, 2026
32 of 36 checks passed
@LopatinDmitr LopatinDmitr deleted the chore/core/cve-mitigation branch April 9, 2026 07:46
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diafour diafour diafour approved these changes

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@LopatinDmitr @diafour