Skip to content

v5.4.34

Choose a tag to compare

View all tags
@reinkrul reinkrul released this 27 May 09:41
v5.4.34
2b4063d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security release addressing the following advisories:

Advisory Package Description
GO-2026-5018 golang.org/x/crypto/ssh DoS during public key authentication: unbounded RSA modulus / DSA parameter size in the RSA/DSA public key parsers caused multi-minute CPU consumption during signature verification.
GO-2026-5026 golang.org/x/net/idna Privilege escalation: ToASCII/ToUnicode incorrectly accepted Punycode-encoded labels that decode to ASCII-only labels, allowing bypass of hostname-based checks.
GO-2026-4945 github.com/go-jose/go-jose/v4 DoS: panic when decrypting maliciously crafted JWE tokens.

Full Changelog: v5.4.33...v5.4.34

Assets 2
Loading