Skip to content

🌱 Bump Go version to fix CVE-2026-25679 (stdlib)#461

Merged
mkumatag merged 3 commits intoIBM:mainfrom
adarshagrawal38:stlib-cve
Mar 24, 2026
Merged

🌱 Bump Go version to fix CVE-2026-25679 (stdlib)#461
mkumatag merged 3 commits intoIBM:mainfrom
adarshagrawal38:stlib-cve

Conversation

@adarshagrawal38
Copy link
Copy Markdown
Member

@adarshagrawal38 adarshagrawal38 commented Mar 11, 2026
edited
Loading

@adarshagrawal38
Fixing stdlib cves in ai-services
26d1f9f 
Signed-off-by: Adarsh Agrawal <adarsh.agrawal1@ibm.com>
yussufsh
yussufsh previously approved these changes Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@yussufsh yussufsh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@yussufsh
Copy link
Copy Markdown
Member

yussufsh commented Mar 17, 2026

@adarshagrawal38 I see go-toolset:1.25 is still at go1.25.7.

@adarshagrawal38
Copy link
Copy Markdown
Member Author

adarshagrawal38 commented Mar 17, 2026

go-toolset:1.25

For go-toolset:1.25 image support upto go version upto 1.25.7, till date.
https://catalog.redhat.com/en/software/containers/rhel9/go-toolset/61df08166d9a1b7b2aab2344/history

Any suggestion what we should do here?

Shall we wait until redhat provide support? or we can use registry.redhat.io/ubi9/ubi:9.7 and install desired go version

cc: @mkumatag

@mkumatag
Copy link
Copy Markdown
Member

mkumatag commented Mar 18, 2026

go-toolset:1.25

For go-toolset:1.25 image support upto go version upto 1.25.7, till date. https://catalog.redhat.com/en/software/containers/rhel9/go-toolset/61df08166d9a1b7b2aab2344/history

Any suggestion what we should do here?

Shall we wait until redhat provide support? or we can use registry.redhat.io/ubi9/ubi:9.7 and install desired go version

cc: @mkumatag

let us wait for few more weeks and see how this goes, otherwise we may need to explore building it via public golang image with an updated version

@yussufsh yussufsh self-requested a review March 24, 2026 12:13
@adarshagrawal38
Remove go-toolset image, and install go-1.25.8 in builder stage
705298b 
Signed-off-by: Adarsh Agrawal <adarsh.agrawal1@ibm.com>
@adarshagrawal38 adarshagrawal38 changed the title Fixing stdlib cves in ai-services 🌱 Bump Go version to fix CVE-2026-25679 (stdlib) Mar 24, 2026
@adarshagrawal38
Update ai-service image version
baaae73 
Signed-off-by: Adarsh Agrawal <adarsh.agrawal1@ibm.com>
@adarshagrawal38 adarshagrawal38 marked this pull request as ready for review March 24, 2026 14:51
@mkumatag mkumatag merged commit 2ed09d4 into IBM:main Mar 24, 2026
8 checks passed
@adarshagrawal38 adarshagrawal38 deleted the stlib-cve branch March 24, 2026 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mkumatag mkumatag mkumatag approved these changes

@yussufsh yussufsh Awaiting requested review from yussufsh

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adarshagrawal38 @yussufsh @mkumatag