You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This patch release brings a revamped TUI experience with a new sandbox info dialog, improved notifications, and better error visibility when the daemon becomes unreachable. It also includes several CLI stability fixes including proper terminal restoration after agent crashes, correct -- separator handling in exec, and graceful handling of invalid sandbox names.
What's New
CLI & TUI
Add sandbox info dialog for viewing sandbox details (#2130)
Show explanatory action when creating a new sandbox (#2128)
Improve TUI notification system with better styling and behavior (#2123)
Show error in TUI when daemon becomes unreachable (#2195)
Bypass login check and network policy setup when running "reset" (#2067)
Bug Fixes
Strip leading -- separator in exec command args (#2057)
Use full terminal reset after agent crash to restore terminal state (#2187)
Gracefully handle invalid/duplicate sandbox names in the TUI and CLI (#2121)
Use --disable-interactivity flag for Windows winget to avoid interactive prompt (#2180)
Configuration
📅 Schedule: (in timezone Europe/Berlin)
Branch creation
At any time (no schedule defined)
Automerge
At any time (no schedule defined)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
If you want to rebase/retry this PR, check this box
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Affected range
<1.25.9
Fixed version
1.25.9
Description
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
Affected range
<1.25.8
Fixed version
1.25.8
EPSS Score
0.033%
EPSS Percentile
10th percentile
Description
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
Affected range
>=1.25.0 <1.25.5
Fixed version
1.25.5
EPSS Score
0.023%
EPSS Percentile
6th percentile
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.034%
EPSS Percentile
10th percentile
Description
The net/url package does not set a limit on the number of query parameters in a query.
While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.028%
EPSS Percentile
8th percentile
Description
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.027%
EPSS Percentile
8th percentile
Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.006%
EPSS Percentile
0th percentile
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Affected range
>=1.25.0 <1.25.3
Fixed version
1.25.3
EPSS Score
0.013%
EPSS Percentile
2nd percentile
Description
Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.019%
EPSS Percentile
5th percentile
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Affected range
>=1.25.0 <1.25.5
Fixed version
1.25.5
EPSS Score
0.011%
EPSS Percentile
1st percentile
Description
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Affected range
<1.25.8
Fixed version
1.25.8
EPSS Score
0.012%
EPSS Percentile
2nd percentile
Description
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh".
A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
Affected range
>=1.25.0 <1.25.1
Fixed version
1.25.1
EPSS Score
0.011%
EPSS Percentile
1st percentile
Description
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Affected range
>=1.25.0 <1.25.6
Fixed version
1.25.6
EPSS Score
0.009%
EPSS Percentile
1st percentile
Description
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.016%
EPSS Percentile
3rd percentile
Description
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.009%
EPSS Percentile
1st percentile
Description
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.028%
EPSS Percentile
8th percentile
Description
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.023%
EPSS Percentile
6th percentile
Description
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.022%
EPSS Percentile
6th percentile
Description
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Affected range
>=1.25.0 <1.25.2
Fixed version
1.25.2
EPSS Score
0.012%
EPSS Percentile
2nd percentile
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Affected range
<1.25.8
Fixed version
1.25.8
EPSS Score
0.005%
EPSS Percentile
0th percentile
Description
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened.
The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
Affected range
<1.25.9
Fixed version
1.25.9
Description
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied.
These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.
Affected range
<1.25.9
Fixed version
1.25.9
Description
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
Affected range
<1.25.9
Fixed version
1.25.9
Description
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service.
This only affects TLS 1.3.
Affected range
<1.25.9
Fixed version
1.25.9
Description
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root.
The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
Affected range
<1.25.9
Fixed version
1.25.9
Description
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service.
This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected range
<0.28.1
Fixed version
0.28.1
CVSS Score
8.4
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.055%
EPSS Percentile
17th percentile
Description
Impact
When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context.
Patches
The issue has been fixed in v0.28.1+
Workarounds
Issue requires using an untrusted BuildKit frontend set with #syntax or --build-arg BUILDKIT_SYNTAX. Using these options with a well-known frontend image like docker/dockerfile is not affected.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Insufficient validation of Git URL fragment subdir components (<url>#<ref>:<subdir>, docs) may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem.
Patches
The issue has been fixed in version v0.28.1
Workarounds
The issue affects only builds that use Git URLs with a subpath component. Avoid building Dockerfiles from untrusted sources or using the subdir component from an untrusted Git repository where the subdir component could point to a symlink.
The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms.
The execCommand helper at sdk/resource/host_id_exec.go uses exec.Command(name, arg...) which searches $PATH when the command name contains no path separator.
Affected platforms (per build tag in host_id_bsd.go:4): DragonFly BSD, FreeBSD, NetBSD, OpenBSD, Solaris.
The kenv path is reached when /etc/hostid does not exist (line 38-40), which is common on FreeBSD systems.
Attack
Attacker has local access to a system running a Go application that imports go.opentelemetry.io/otel/sdk
Attacker places a malicious kenv binary earlier in $PATH
Application initializes OpenTelemetry resource detection at startup
hostIDReaderBSD.read() calls exec.Command("kenv", ...) which resolves to the malicious binary
Arbitrary code executes in the context of the application
A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.
Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files.
Patches
Users should upgrade to v5.17.1, or the latest v6pseudo-version, in order to mitigate this vulnerability.
Credit
The go-git maintainers thank @kq5y for finding and reporting this issue privately to the go-git project.
Improper Validation of Integrity Check Value
Affected range
<=5.16.4
Fixed version
5.16.5
CVSS Score
4.3
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
0.006%
EPSS Percentile
0th percentile
Description
Impact
A vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found.
For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly.
Note that the lack of verification of the packfile checksum has no impact on the trust relationship between the client and server, which is enforced based on the protocol being used (e.g. TLS in the case of https:// or known hosts for ssh://). In other words, the packfile checksum verification does not provide any security benefits when connecting to a malicious or compromised Git server.
Patches
Users should upgrade to v5.16.5, or the latest v6pseudo-version, in order to mitigate this vulnerability.
Workarounds
In case updating to a fixed version of go-git is not possible, users can run git fsck from the git cli to check for data corruption on a given repository.
Credit
Thanks @N0zoM1z0 for finding and reporting this issue privately to the go-git project.
Improper Validation of Array Index
Affected range
<=5.17.0
Fixed version
5.17.1
CVSS Score
2.8
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
EPSS Score
0.014%
EPSS Percentile
2nd percentile
Description
Impact
go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing.
This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue.
An attacker able to supply a crafted .git/index file can cause applications using go-git to panic while reading the index. If the application does not recover from panics, this results in process termination, leading to a denial-of-service (DoS) condition.
Exploitation requires the ability to modify or inject a Git index file within the local repository in disk. This typically implies write access to the .git directory.
Patches
Users should upgrade to v5.17.1, or the latest v6pseudo-version, in order to mitigate this vulnerability.
Credit
go-git maintainers thank @kq5y for finding and reporting this issue privately to the go-git project.
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap.
this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body.
root cause:
each exporter client reads resp.Body using io.Copy(&respData, resp.Body) into a bytes.Buffer on both success and error paths, with no upper bound.
impact:
a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom).
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap.
this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body.
root cause:
each exporter client reads resp.Body using io.Copy(&respData, resp.Body) into a bytes.Buffer on both success and error paths, with no upper bound.
impact:
a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom).
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap.
this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body.
root cause:
each exporter client reads resp.Body using io.Copy(&respData, resp.Body) into a bytes.Buffer on both success and error paths, with no upper bound.
impact:
a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom).
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap.
this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body.
root cause:
each exporter client reads resp.Body using io.Copy(&respData, resp.Body) into a bytes.Buffer on both success and error paths, with no upper bound.
impact:
a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom).
(*Point).MultiScalarMult failed to initialize its receiver.
If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result.
If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver was the zero value, MultiScalarMult returned an invalid point that compared Equal to every point.
Note that MultiScalarMult is a rarely used advanced API. For example, if you only depend on filippo.io/edwards25519 via github.com/go-sql-driver/mysql, you are not affected. If you were notified of this issue despite not being affected, consider switching to a vulnerability scanner that is more precise and respectful of your attention, like govulncheck.
The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
nicholasdille-bot
left a comment
This PR contains the following updates:
0.24.1→0.24.2Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
docker/sbx-releases (docker-sbx)
v0.24.2Compare Source
Highlights
This patch release brings a revamped TUI experience with a new sandbox info dialog, improved notifications, and better error visibility when the daemon becomes unreachable. It also includes several CLI stability fixes including proper terminal restoration after agent crashes, correct
--separator handling in exec, and graceful handling of invalid sandbox names.What's New
CLI & TUI
Bug Fixes
--separator in exec command args (#2057)--disable-interactivityflag for Windows winget to avoid interactive prompt (#2180)Configuration
📅 Schedule: (in timezone Europe/Berlin)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.