elastic / cloudbeat / 20029679497 / 1
76%
main: 76%

LAST BUILD BRANCH: renovate/main-aws-iam-authenticator-0.x
DEFAULT BRANCH: main
Ran
Files 229
Run time 7s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 76.183%. Remained the same
20029679497.1

push

github

web-flow 
Upgrade Go toolchain to 1.25.5 (CVE-2025-61729) (#3703)

## Summary
Upgrades the Go toolchain from version 1.25.2 to 1.25.5 to address
CVE-2025-61729.

## Vulnerability Details
- **CVE ID**: CVE-2025-61729
- **Severity**: HIGH (CVSS 7.5)
- **Component**: `crypto/x509` (Go standard library)
- **Issue**: Quadratic runtime DoS in `HostnameError.Error()` method
- **Fixed Version**: Go 1.25.5 (and 1.24.11)

## Impact on Cloudbeat
Cloudbeat is **not affected** by this vulnerability because:
- The vulnerable code path only triggers during TLS hostname
verification failures
- Cloudbeat exclusively connects to legitimate cloud provider APIs (AWS,
Azure, GCP, Kubernetes) with valid certificates
- An attacker would need to MITM connections and provide malicious
certificates, which is prevented in Cloudbeat's operational environment

Nevertheless, this upgrade is recommended as part of standard security
maintenance.

## Changes
- Updated `go.mod`: `go 1.25.2` → `go 1.25.5`
- Updated `.go-version`: `1.25.4` → `1.25.5`
- No code changes required

## Test Plan
- [x] Build succeeded with Go 1.25.5
- [ ] CI tests pass
- [ ] Integration tests pass

## References
- [CVE-2025-61729](https://nvd.nist.gov/vuln/detail/CVE-2025-61729)
-
[GHSA-7c64-f9jr-v9h2](https://github.com/advisories/GHSA-7c64-f9jr-v9h2)
- [Go Issue #76445](https://github.com/golang/go/issues/76445)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

9599 of 12600 relevant lines covered (76.18%)

16.57 hits per line

Source Files on job 20029679497.1