Bump Go to 1.25.3 ⬆️ by cthach · Pull Request #60094 · gravitational/teleport

cthach · 2025-10-09T14:14:34Z

Changelog: Updated Go to 1.25.3.

Skipped Go 1.25.2 because it had breaking changes. Go 1.25.3 reverts those breaking changes while including most of security/bug fixes.

Will be manually backported to previous release branches since they require Go 1.24.x.

Signed-off-by: Chris Thach <chris.thach@goteleport.com>

espadolini · 2025-10-09T19:45:41Z

golang/go#75828 (comment) this will completely break clusters whose name is longer than 31 characters, let's wait and hope they relax the checks?

cthach · 2025-10-09T19:50:03Z

golang/go#75828 (comment) this will completely break clusters whose name is longer than 31 characters, let's wait and hope they relax the checks?

I'm good with holding off. Btw, here are the full validation rules:

// domainNameValid does minimal domain name validity checking. In particular it
// enforces the following properties:
//   - names cannot have the trailing period
//   - names can only have a leading period if constraint is true
//   - names must be <= 253 characters
//   - names cannot have empty labels
//   - names cannot labels that are longer than 63 characters

Besides empty names and clusters with long names, what other rules affect us? Would be good to know

cthach · 2025-10-09T19:51:48Z

Pausing this update for now until a new Go version is released.

espadolini · 2025-10-09T20:10:29Z

what other rules affect us?

The only one we were aware of was the long labels (#52508), I don't think we considered the implications empty SANs until now.

cthach · 2025-10-10T20:19:43Z

Looks like the DNS SANs validation is being relaxed after causing breakage: https://go-review.googlesource.com/c/go/+/710735

I'll wait for it to get pulled into a release before I continue with the updating.

Signed-off-by: Chris Thach <chris.thach@goteleport.com>

* chore: Bump Go to 1.25.2 ⬆️ Signed-off-by: Chris Thach <chris.thach@goteleport.com> * fix: Bump to Go 1.25.3. Revert handling of breaking changes. Signed-off-by: Chris Thach <chris.thach@goteleport.com> --------- Signed-off-by: Chris Thach <chris.thach@goteleport.com>

cthach self-assigned this Oct 9, 2025

cthach added backport-required go Issues related to Go builds/tooling dependencies Pull requests that update a dependency file size/sm backport/branch/v16 backport/branch/v17 backport/branch/v18 labels Oct 9, 2025

cthach force-pushed the cthach/bump-go-1.25.2 branch 2 times, most recently from 0ff7623 to f96aa6b Compare October 9, 2025 17:06

cthach removed backport/branch/v16 backport/branch/v17 backport/branch/v18 labels Oct 9, 2025

cthach force-pushed the cthach/bump-go-1.25.2 branch from 0032ad2 to 2758065 Compare October 9, 2025 18:17

chore: Bump Go to 1.25.2 ⬆️

c3a63e3

Signed-off-by: Chris Thach <chris.thach@goteleport.com>

cthach force-pushed the cthach/bump-go-1.25.2 branch from 2758065 to c3a63e3 Compare October 9, 2025 18:36

cthach mentioned this pull request Oct 9, 2025

[v18] Bump Go to 1.24.9 ⬆️ #60108

Merged

cthach marked this pull request as ready for review October 9, 2025 18:57

cthach requested review from camscale, doggydogworld, fheinecke, hugoShaka, r0mant, rosstimothy, russjones, strideynet, tigrato and zmb3 as code owners October 9, 2025 18:57

cthach enabled auto-merge October 9, 2025 18:57

Merge branch 'master' into cthach/bump-go-1.25.2

9907ae5

cthach marked this pull request as draft October 9, 2025 19:50

auto-merge was automatically disabled October 9, 2025 19:50
Pull request was converted to draft

espadolini reviewed Oct 9, 2025

View reviewed changes

Comment thread lib/service/service.go Outdated

cthach mentioned this pull request Oct 10, 2025

crypto/x509: TLS validation fails for FQDNs with trailing dot golang/go#75828

Closed

cthach changed the title ~~Bump Go to 1.25.2 ⬆️~~ Bump Go to 1.25.3 ⬆️ Oct 14, 2025

fix: Bump to Go 1.25.3. Revert handling of breaking changes.

c5e17b3

Signed-off-by: Chris Thach <chris.thach@goteleport.com>

marcoandredinis approved these changes Oct 14, 2025

View reviewed changes

Merge branch 'master' into cthach/bump-go-1.25.2

067952e

cthach marked this pull request as ready for review October 14, 2025 14:07

cthach requested a review from espadolini October 14, 2025 14:07

github-actions bot requested review from bernardjkim and tigrato October 14, 2025 14:07

public-teleport-github-review-bot bot removed request for aadc-dev and bernardjkim October 14, 2025 14:07

cthach added the security Security Issues label Oct 14, 2025

cthach enabled auto-merge October 14, 2025 14:37

rosstimothy approved these changes Oct 14, 2025

View reviewed changes

cthach added this pull request to the merge queue Oct 14, 2025

Merged via the queue into master with commit 72716be Oct 14, 2025
47 checks passed

cthach deleted the cthach/bump-go-1.25.2 branch October 14, 2025 15:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump Go to 1.25.3 ⬆️#60094

Bump Go to 1.25.3 ⬆️#60094
cthach merged 4 commits intomasterfrom
cthach/bump-go-1.25.2

cthach commented Oct 9, 2025 •

edited

Loading

Uh oh!

espadolini commented Oct 9, 2025

Uh oh!

cthach commented Oct 9, 2025

Uh oh!

cthach commented Oct 9, 2025

Uh oh!

espadolini commented Oct 9, 2025

Uh oh!

Uh oh!

cthach commented Oct 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

cthach commented Oct 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

espadolini commented Oct 9, 2025

Uh oh!

cthach commented Oct 9, 2025

Uh oh!

cthach commented Oct 9, 2025

Uh oh!

espadolini commented Oct 9, 2025

Uh oh!

Uh oh!

cthach commented Oct 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

cthach commented Oct 9, 2025 •

edited

Loading