Skip to content

Upgrade Go to 1.26.5 to fix CVE (v5.4.37)#4405

Open
reinkrul wants to merge 1 commit into
V5.4from
fix/go-1.26.5-v5.4
Open

Upgrade Go to 1.26.5 to fix CVE (v5.4.37)#4405
reinkrul wants to merge 1 commit into
V5.4from
fix/go-1.26.5-v5.4

Conversation

@reinkrul

@reinkrul reinkrul commented Jul 9, 2026

Copy link
Copy Markdown
Member

Summary

  • Upgrade Go to 1.26.5
  • Add release notes for v5.4.37

Fixes the following vulnerabilities:

Advisory Package Description
GO-2026-5856 crypto/tls (stdlib) De-anonymization of Encrypted Client Hello (ECH) handshakes: PSK identities were disclosed in the unencrypted client hello, allowing passive network observers to de-anonymize sessions

Assisted by AI

@qltysh

qltysh Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Qlty


Coverage Impact

This PR will not change total coverage.

🚦 See full report on Qlty Cloud »

🛟 Help
  • Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

  • Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

  • File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

    • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant