fix CVE-2025-22872 #38

Merged
merged 1 commit into from
Apr 24, 2025

@developer-guy developer-guy commented Apr 21, 2025

There was a CVE reported:

└── 📄 /usr/share/localstack/.venv/lib/python3.12/site-packages/.filesystem/usr/lib/localstack/lambda-runtime/v0.1.32-pre/arm64/var/rapid/init
        📦 golang.org/x/net v0.33.0 (go-module)
            Medium CVE-2025-22872 fixed in 0.38.0
            Medium CVE-2025-22872 GHSA-vvgc-356p-c3xw fixed in 0.38.0

so this PR aims to fix this.

Signed-off-by: Batuhan Apaydin <[email protected]>
@kbsteere

@whummer @bentsku could you review these changes?

@alexrashed alexrashed requested a review from dfangl April 22, 2025 06:56
@developer-guy
Author

kindly ping @dfangl

Member

@dfangl dfangl left a comment

I'm happy with this, I will pull in upstream changes and update to go 1.24 before releasing this as well!

@dfangl dfangl merged commit 10daeb8 into localstack:localstack Apr 24, 2025
1 check passed