Skip to content

cves: bump go to 1.26.5#90

Merged
sergicastro merged 1 commit into
release-v1.16.xfrom
go1.26.5
Jul 14, 2026
Merged

cves: bump go to 1.26.5#90
sergicastro merged 1 commit into
release-v1.16.xfrom
go1.26.5

Conversation

@tetrate-ci

Copy link
Copy Markdown

CVEs addressed

Severity CVE Component Fix
HIGH CVE-2026-42505 stdlib Go 1.26.5
HIGH CVE-2026-39822 stdlib Go 1.26.5

Changes

  • Bumped Go from 1.26.4 to 1.26.5 in go.mod
  • Ran go mod tidy
  • Updated config/manager/kustomization.yaml and kubegres.yaml via make deploy equivalent for tag v1.16.0-tetrate-v40

Expected new tag

v1.16.0-tetrate-v40

Related to tetrateio/tetrate#31967
Related to tetrateio/tetrate#31968
Related to tetrateio/tetrate#31970
Related to tetrateio/tetrate#31971
Related to tetrateio/tetrate#31973
Related to tetrateio/tetrate#31974

@tetrate-ci

Copy link
Copy Markdown
Author

@tetrateio/mp This PR needs a reviewer with write access to approve and merge. It bumps Go to 1.26.5 to fix CVE-2026-42505 and CVE-2026-39822. CI is passing. After merge, the publish-release workflow needs to be run with version=v1.16.0-tetrate-v40, branch=release-v1.16.x to publish the image. Blocking monorepo PRs: #31976, #31977, #31978.

@sergicastro sergicastro merged commit 78e35d4 into release-v1.16.x Jul 14, 2026
19 of 23 checks passed
@sergicastro sergicastro deleted the go1.26.5 branch July 14, 2026 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants