vendor: golang.org/x/crypto v0.35.0
We have tagged version v0.35.0 of golang.org/x/crypto in order to address a security issue. Version v0.35.0 of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which could cause a denial of service. SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. Thanks to Yuichi Watanabe for reporting this issue. This is CVE-2025-22869 and Go issue https://go.dev/issue/71931. full diff: https://github.com/golang/crypto/compare/v0.31.0...v0.35.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -383,7 +383,7 @@ go.opentelemetry.io/proto/otlp/common/v1
|
||||
go.opentelemetry.io/proto/otlp/metrics/v1
|
||||
go.opentelemetry.io/proto/otlp/resource/v1
|
||||
go.opentelemetry.io/proto/otlp/trace/v1
|
||||
# golang.org/x/crypto v0.34.0
|
||||
# golang.org/x/crypto v0.35.0
|
||||
## explicit; go 1.23.0
|
||||
golang.org/x/crypto/ed25519
|
||||
golang.org/x/crypto/pbkdf2
|
||||
|
||||
Reference in New Issue
Block a user