chore(build): bump Go toolchain off EOL 1.23 and refresh base image #6

Description

The repo pins Go 1.23, which is past EOL and no longer receives standard library security fixes (several published stdlib CVEs affect binaries built with it, including a critical crypto/tls issue fixed in Go 1.24.13/1.25.7). The Alpine base also carries an outdated libcrypto3 with a published critical fix.

  • Bump the go directive in go.mod and the golang: builder image to 1.26.x
  • Refresh the runtime base image
  • Rebuild and release
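
One way to keep the bump from regressing, as an added example (not part of the issue or the repository): a shell check that the `go` directive in go.mod and the `golang:` builder tag are both at or above a floor, and that the builder is not older than the directive. The file contents, module path and function names are constructed; the 1.26 floor comes from the task list above.

```shell
#!/bin/sh
# Added example: all file contents and names below are constructed.

# Print the version from the go directive of a go.mod file, e.g. "1.23".
gomod_go_version() {
    awk '$1 == "go" && $2 ~ /^[0-9]+\.[0-9]+/ { print $2; exit }' "$1"
}

# Print the numeric tag of the first "FROM ... golang:<tag>" line in a Dockerfile.
builder_go_version() {
    awk 'toupper($1) == "FROM" {
             for (i = 2; i <= NF; i++) if ($i ~ /^golang:[0-9]/) {
                 sub(/^golang:/, "", $i); sub(/[^0-9.].*$/, "", $i); print $i; exit
             }
         }' "$1"
}

# Succeed when version $1 is lower than $2, comparing major.minor only.
lang_lt() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -lt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -lt "$b_minor" ]; }
}

# check_toolchain GO_MOD DOCKERFILE FLOOR
# Returns 0 ok, 1 below the floor, 2 builder older than go.mod, 3 not parsed.
check_toolchain() {
    mod=$(gomod_go_version "$1"); img=$(builder_go_version "$2"); floor=$3
    if [ -z "$mod" ] || [ -z "$img" ]; then
        echo "unparsed: go.mod='$mod' builder='$img'"; return 3
    fi
    if lang_lt "$mod" "$floor" || lang_lt "$img" "$floor"; then
        echo "below floor $floor: go.mod=$mod builder=$img"; return 1
    fi
    if lang_lt "$img" "$mod"; then
        echo "builder $img is older than go.mod $mod"; return 2
    fi
    echo "ok: go.mod=$mod builder=$img floor=$floor"
}

# Constructed sample: the state the issue describes, checked against 1.26.
tmp=$(mktemp -d)
printf 'module example.test/app\n\ngo 1.23\n' > "$tmp/go.mod"
printf 'FROM golang:1.23-alpine AS build\nFROM alpine:3\n' > "$tmp/Dockerfile"
check_toolchain "$tmp/go.mod" "$tmp/Dockerfile" 1.26 || echo "exit status $?"
```

Run as a CI step, a non-zero status fails the build before an image is produced from a stale toolchain.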

Metadata

Labels

  • priority/important-soon: Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
  • security: Security-related issue
