
[SECURITY] fix: Adjust the toolchain version #36537

Merged
silverwind merged 1 commit into go-gitea:main from ZPascal:fix-security-issues on Feb 5, 2026

@ZPascal (Contributor) commented Feb 5, 2026

Summary:

- Adjust the toolchain version to fix the security issues

```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
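
A CI-style check for the kind of fix described above, as an added example that is not part of the PR or of Gitea's code: it reads the standard-library "Fixed in" lines from a scanner report in the format quoted in the description and verifies that go.mod pins a toolchain at or above the highest of them. It assumes the version is pinned with a `toolchain` directive in go.mod (the page does not show the diff); the go.mod fragment, `ToolchainCovers` and `verKey` are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed go.mod fragment (assumption: the version is pinned by a toolchain directive).
const sampleGoMod = "module example.com/app\n\ngo 1.25.0\n\ntoolchain go1.25.6\n"

// Finding lines as quoted in the PR description.
const sampleFinding = "Vulnerability #1: GO-2026-4337\n" +
	"  Standard library\n" +
	"    Found in: crypto/tls@go1.25.6\n" +
	"    Fixed in: crypto/tls@go1.25.7\n"

var (
	fixedRe = regexp.MustCompile(`(?m)^\s*Fixed in: \S+@go(\d+(?:\.\d+)*)\s*$`)
	toolRe  = regexp.MustCompile(`(?m)^toolchain go(\d+(?:\.\d+)*)\s*$`)
)

// verKey maps "1.25.7" to a sortable integer; missing components count as 0.
func verKey(v string) int {
	var major, minor, patch int
	fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch)
	return major*1_000_000 + minor*1_000 + patch
}

// ToolchainCovers reports whether the toolchain directive in goMod is at or
// above the highest standard-library "Fixed in" version found in report.
func ToolchainCovers(goMod, report string) (ok bool, need string, err error) {
	m := toolRe.FindStringSubmatch(goMod)
	if m == nil {
		return false, "", fmt.Errorf("go.mod has no release toolchain directive")
	}
	for _, f := range fixedRe.FindAllStringSubmatch(report, -1) {
		if need == "" || verKey(f[1]) > verKey(need) {
			need = f[1]
		}
	}
	return need == "" || verKey(m[1]) >= verKey(need), need, nil
}

func main() {
	ok, need, err := ToolchainCovers(sampleGoMod, sampleFinding)
	fmt.Printf("covered=%v need=go%s err=%v\n", ok, need, err)
}
```

A missing or pre-release `toolchain` line is reported as an error rather than treated as covered, so the check fails closed.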
@GiteaBot added the `lgtm/need 2` label Feb 5, 2026
@silverwind added the `outdated/backport/v1.24` label Feb 5, 2026
@silverwind enabled auto-merge (squash) February 5, 2026 23:11
@silverwind disabled auto-merge February 5, 2026 23:15
@GiteaBot added `lgtm/need 1` and removed `lgtm/need 2` labels Feb 5, 2026
@GiteaBot added `lgtm/done` and removed `lgtm/need 1` labels Feb 5, 2026
@silverwind merged commit 50fdd2d into go-gitea:main Feb 5, 2026
24 checks passed
@GiteaBot added this to the 1.26.0 milestone Feb 5, 2026
@techknowlogick added `backport/v1.25` and removed `outdated/backport/v1.24` labels Feb 5, 2026
@silverwind added `backport/v1.25` and removed `backport/v1.25` labels Feb 6, 2026
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Feb 6, 2026
# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability go-gitea#1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Feb 6, 2026
techknowlogick pushed a commit that referenced this pull request Feb 6, 2026
Backport #36537 by @ZPascal

# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
Co-authored-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
@ZPascal deleted the fix-security-issues branch February 8, 2026 10:23
zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 9, 2026
* giteaofficial/main:
  Refactor merge conan and container auth preserve actions taskID (go-gitea#36560)
  Fix assignee sidebar links and empty placeholder after go-gitea#32465 refactor (go-gitea#36559)
  Fix various version parsing problems (go-gitea#36553)
  Fix highlight diff result (go-gitea#36539)
  Refactor Nuget Auth to reuse Basic Auth Token Validation (go-gitea#36558)
  Update go dependencies (go-gitea#36548)
  Prevent navigation keys from triggering actions during IME composition (go-gitea#36540)
  Fix various mermaid bugs (go-gitea#36547)
  Add `elk` layout support to mermaid (go-gitea#36486)
  Allow configuring default PR base branch (fixes go-gitea#36412) (go-gitea#36425)
  [skip ci] Updated translations via Crowdin
  Color command/error logs in Actions log (go-gitea#36538)
  Add paging headers (go-gitea#36521)
  Fix issues filter dropdown showing empty label scope section (go-gitea#36535)
  [SECURITY] fix: Adjust the toolchain version (go-gitea#36537)
  Hide `add-matcher` and `remove-matcher` from actions job logs (go-gitea#36520)
  Improve timeline entries for WIP prefix changes in pull requests (go-gitea#36518)
Sirherobrine23 pushed a commit to Sirherobrine23/gitea that referenced this pull request Mar 4, 2026
# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
@go-gitea locked as resolved and limited conversation to collaborators May 7, 2026

Labels

- backport/done: All backports for this PR have been created
- backport/v1.25: This PR should be backported to Gitea 1.25
- lgtm/done: This PR has enough approvals to get merged. There are no important open reservations anymore.

5 participants