v6.2.7

@reinkrul reinkrul released this 27 May 09:42
9221c42

Security release addressing the following advisories:

| Advisory | Package | Description |
| --- | --- | --- |
| GO-2026-5018 | golang.org/x/crypto/ssh | DoS during public key authentication: unbounded RSA modulus / DSA parameter size in the RSA/DSA public key parsers caused multi-minute CPU consumption during signature verification. |
| GO-2026-5026 | golang.org/x/net/idna | Privilege escalation: ToASCII/ToUnicode incorrectly accepted Punycode-encoded labels that decode to ASCII-only labels, allowing bypass of hostname-based checks. |
| GO-2026-4945 | github.com/go-jose/go-jose/v4 | DoS: panic when decrypting maliciously crafted JWE tokens. |
| GO-2026-4985 | go.opentelemetry.io/otel/exporters/otlp/...http | DoS: OTLP HTTP exporters did not limit response body size; a malicious or misconfigured collector could trigger OOM. |

Full Changelog: v6.2.6...v6.2.7