[SECURITY] fix: Adjust the toolchain version #36537

Merged: silverwind merged 1 commit into go-gitea:main from ZPascal:fix-security-issues on Feb 5, 2026

ZPascal (Contributor) commented Feb 5, 2026

Summary:

- Adjust the toolchain version to fix the security issues

```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
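
Added example, not part of this pull request or of Gitea's code: a small Go check that reads go.mod text and reports whether the toolchain it names is at or above the `go1.25.7` release the advisory lists as fixed. It assumes the toolchain is pinned through go.mod's `toolchain` (or, failing that, `go`) directive; `parseGoVersion`, `toolchainFixed` and the sample module are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const fixedIn = "go1.25.7" // "Fixed in" release from the advisory above

// parseGoVersion (illustrative helper) maps "go1.25.7" or "1.25" to a comparable integer.
func parseGoVersion(v string) (n int, err error) {
	parts := strings.Split(strings.TrimPrefix(v, "go"), ".")
	if len(parts) == 2 {
		parts = append(parts, "0") // "1.25" means patch level 0
	}
	if len(parts) != 3 {
		return 0, fmt.Errorf("unrecognised Go version %q", v)
	}
	for _, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil || x < 0 || x > 999 {
			return 0, fmt.Errorf("unrecognised Go version %q", v)
		}
		n = n*1000 + x
	}
	return n, nil
}

// toolchainFixed checks the toolchain directive (else the go directive) against fixed.
func toolchainFixed(gomod, fixed string) (bool, error) {
	named, fromToolchain := "", false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		if len(f) >= 2 && (f[0] == "toolchain" || (f[0] == "go" && !fromToolchain)) {
			named, fromToolchain = f[1], f[0] == "toolchain"
		}
	}
	have, err := parseGoVersion(named)
	if err != nil {
		return false, err
	}
	want, err := parseGoVersion(fixed)
	return err == nil && have >= want, err
}

func main() {
	sample := "module example.test/app\n\ngo 1.25\n\ntoolchain go1.25.6\n" // constructed
	fmt.Println(toolchainFixed(sample, fixedIn))
}
```

Pre-release strings such as release candidates are rejected with an error rather than guessed at, so a CI job using this check fails closed.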
GiteaBot added the `lgtm/need 2` label (This PR needs two approvals by maintainers to be considered for merging.) Feb 5, 2026
silverwind added the `outdated/backport/v1.24` label (This PR should be backported to Gitea 1.24) Feb 5, 2026
silverwind enabled auto-merge (squash) February 5, 2026 23:11
silverwind disabled auto-merge February 5, 2026 23:15
GiteaBot added the `lgtm/need 1` label (This PR needs approval from one additional maintainer to be merged.) and removed the `lgtm/need 2` label (This PR needs two approvals by maintainers to be considered for merging.) Feb 5, 2026
GiteaBot added the `lgtm/done` label (This PR has enough approvals to get merged. There are no important open reservations anymore.) and removed the `lgtm/need 1` label (This PR needs approval from one additional maintainer to be merged.) Feb 5, 2026
silverwind merged commit 50fdd2d into go-gitea:main Feb 5, 2026
24 checks passed
GiteaBot added this to the 1.26.0 milestone Feb 5, 2026
techknowlogick added the `backport/v1.25` label (This PR should be backported to Gitea 1.25) and removed the `outdated/backport/v1.24` label (This PR should be backported to Gitea 1.24) Feb 5, 2026
silverwind added the `backport/v1.25` label (This PR should be backported to Gitea 1.25) and removed the `backport/v1.25` label (This PR should be backported to Gitea 1.25) Feb 6, 2026
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Feb 6, 2026
# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability go-gitea#1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
GiteaBot added the `backport/done` label (All backports for this PR have been created) Feb 6, 2026
techknowlogick pushed a commit that referenced this pull request Feb 6, 2026
Backport #36537 by @ZPascal

# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
Co-authored-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
ZPascal deleted the fix-security-issues branch February 8, 2026 10:23
zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 9, 2026
* giteaofficial/main:
  Refactor merge conan and container auth preserve actions taskID (go-gitea#36560)
  Fix assignee sidebar links and empty placeholder after go-gitea#32465 refactor (go-gitea#36559)
  Fix various version parsing problems (go-gitea#36553)
  Fix highlight diff result (go-gitea#36539)
  Refactor Nuget Auth to reuse Basic Auth Token Validation (go-gitea#36558)
  Update go dependencies (go-gitea#36548)
  Prevent navigation keys from triggering actions during IME composition (go-gitea#36540)
  Fix various mermaid bugs (go-gitea#36547)
  Add `elk` layout support to mermaid (go-gitea#36486)
  Allow configuring default PR base branch (fixes go-gitea#36412) (go-gitea#36425)
  [skip ci] Updated translations via Crowdin
  Color command/error logs in Actions log (go-gitea#36538)
  Add paging headers (go-gitea#36521)
  Fix issues filter dropdown showing empty label scope section (go-gitea#36535)
  [SECURITY] fix: Adjust the toolchain version (go-gitea#36537)
  Hide `add-matcher` and `remove-matcher` from actions job logs (go-gitea#36520)
  Improve timeline entries for WIP prefix changes in pull requests (go-gitea#36518)
Sirherobrine23 pushed a commit to Sirherobrine23/gitea that referenced this pull request Mar 4, 2026
# Summary:

- Adjust the toolchain version to fix the security issues


```log
Vulnerability #1: GO-2026-4337
    Unexpected session resumption in crypto/tls
  More info: https://pkg.go.dev/vuln/GO-2026-4337
  Standard library
    Found in: crypto/tls@go1.25.6
    Fixed in: crypto/tls@go1.25.7
    Example traces found:
```

Signed-off-by: Pascal Zimmermann <pascal.zimmermann@theiotstudio.com>
Labels

- `backport/done`: All backports for this PR have been created
- `backport/v1.25`: This PR should be backported to Gitea 1.25
- `lgtm/done`: This PR has enough approvals to get merged. There are no important open reservations anymore.
- `modifies/dependencies`

5 participants