Skip to content

chore: update go toolchain directive to v1.26.5 [security]#97

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/security-updates
Jul 12, 2026
Merged

chore: update go toolchain directive to v1.26.5 [security]#97
renovate[bot] merged 1 commit into
masterfrom
renovate/security-updates

Conversation

@renovate

@renovate renovate Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
go (source) toolchain patch 1.26.41.26.5

Root escape via symlink plus trailing slash in os

CVE-2026-39822 / GO-2026-4970

More information

Details

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /.

For example, 'root.Open("symlink/")' will open "symlink" even when "symlink" is a symbolic link pointing outside of the root.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Invoking Encrypted Client Hello privacy leak in crypto/tls

CVE-2026-42505 / GO-2026-5856

More information

Details

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Release Notes

golang/go (go)

v1.26.5


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file security labels Jul 12, 2026
@renovate renovate Bot requested a review from ZerGo0 as a code owner July 12, 2026 13:16
@renovate renovate Bot added dependencies Pull requests that update a dependency file security labels Jul 12, 2026
@renovate renovate Bot merged commit 8cfa53c into master Jul 12, 2026
3 checks passed
@renovate renovate Bot deleted the renovate/security-updates branch July 12, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants