Skip to content

Bump golang.org/x/crypto from v0.37.0 to v0.53.0 to fix critical vulns#39

Merged
Farjaad merged 1 commit into
mainfrom
fix/golang-x-crypto-vulns
Jul 8, 2026
Merged

Bump golang.org/x/crypto from v0.37.0 to v0.53.0 to fix critical vulns#39
Farjaad merged 1 commit into
mainfrom
fix/golang-x-crypto-vulns

Conversation

@Farjaad

@Farjaad Farjaad commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Bumps golang.org/x/crypto from v0.37.0 to v0.53.0 to remediate 10 critical vulnerabilities.

Vulnerabilities Fixed

ID Description
GHSA-vgwf-h737-ff37 Invoking client can cause server deadlock on unexpected responses
GHSA-5cgq-3rg8-m6cv Auth bypass via unenforced @revoked status
GHSA-rm3j-f69w-wqmq Infinite loop on large channel writes (integer overflow >4GB)
GHSA-x527-x647-q7gg VerifiedPublicKeyCallback permissions skip enforcement
GHSA-89gr-r52h-f8rx FIDO/U2F security key physical presence check can be bypassed
GHSA-jppx-rxg9-jmrx Invoking key constraints not enforced
GO-2026-5005 In-memory keyring silently ignores ConfirmBeforeUse constraint
GHSA-f5wc-c3c7-36mc Agent constraints dropped when forwarding keys
GO-2026-5019 FIDO/U2F User Presence flag not checked in Verify()
GO-2026-5020 Integer overflow in SSH channel write causes infinite loop

Changes

  • golang.org/x/crypto: v0.37.0 → v0.53.0
  • Transitive golang.org/x/* packages updated accordingly
  • go directive bumped from 1.24.0 → 1.25.0 (required by the new toolchain)

@Farjaad Farjaad force-pushed the fix/golang-x-crypto-vulns branch from ce312d4 to f4027cd Compare July 8, 2026 16:50
@Farjaad Farjaad requested a review from archf July 8, 2026 16:53
@Farjaad Farjaad merged commit eaecae7 into main Jul 8, 2026
4 checks passed
@Farjaad Farjaad deleted the fix/golang-x-crypto-vulns branch July 8, 2026 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants