Skip to content

fix: CVE-2025-61729 - update contrib Dockerfile to use Go 1.25.6#2804

Open
infernus01 wants to merge 1 commit intotektoncd:release-v0.37.5from
infernus01:CVE-2025-61729-1.15-037.5
Open

fix: CVE-2025-61729 - update contrib Dockerfile to use Go 1.25.6#2804
infernus01 wants to merge 1 commit intotektoncd:release-v0.37.5from
infernus01:CVE-2025-61729-1.15-037.5

Conversation

@infernus01
Copy link
Copy Markdown
Member

@infernus01 infernus01 commented Apr 13, 2026

Changes

Summary

  • Bumps contrib/tkn-image/Dockerfile from Go 1.17.13 to 1.25.6 to pick up the fix for CVE-2025-61729 (DoS via crafted x509 certificate).
  • Also bumps Debian from 10 (EOL) to 12.

The go.mod was already at 1.25.6 so the old Dockerfile couldn't even build the project anymore.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

/kind misc

@infernus01
fix: CVE-2025-61729 - update contrib Dockerfile to use Go 1.25.6
9bdaa07 
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@tekton-robot tekton-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/misc Categorizes issue or PR as a miscellaneuous one. labels Apr 13, 2026
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 13, 2026
chmouel
chmouel approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@chmouel chmouel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@tekton-robot
Copy link
Copy Markdown
Contributor

tekton-robot commented Apr 13, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chmouel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 13, 2026
@waveywaves
Copy link
Copy Markdown
Member

waveywaves commented Apr 14, 2026

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chmouel chmouel chmouel approved these changes

@piyush-garg piyush-garg Awaiting requested review from piyush-garg

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/misc Categorizes issue or PR as a miscellaneuous one. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@infernus01 @tekton-robot @waveywaves @chmouel