Update to go 1.25.9 to fix multiple CVEs

- CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux - CVE-2026-32289: html/template: JS template literal context incorrectly tracked - CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains - CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination - CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map - CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG - CVE-2026-32280: crypto/x509: unexpected work during chain building - CVE-2026-32281: crypto/x509: inefficient policy validation Fixes #9302
2026-05-13 19:04:17 -04:00 · 2026-04-08 09:50:20 +01:00
parent 6987bc1318
commit 06c054bbc8
1 changed files with 8 additions and 8 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -34,7 +34,7 @@ jobs:
        include:
          - job_name: linux
            os: ubuntu-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            gotags: cmount
            build_flags: '-include "^linux/"'
            check: true
@@ -45,14 +45,14 @@ jobs:

          - job_name: linux_386
            os: ubuntu-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            goarch: 386
            gotags: cmount
            quicktest: true

          - job_name: mac_amd64
            os: macos-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            gotags: 'cmount'
            build_flags: '-include "^darwin/amd64" -cgo'
            quicktest: true
@@ -61,14 +61,14 @@ jobs:

          - job_name: mac_arm64
            os: macos-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            gotags: 'cmount'
            build_flags: '-include "^darwin/arm64" -cgo -macos-arch arm64 -cgo-cflags=-I/usr/local/include -cgo-ldflags=-L/usr/local/lib'
            deploy: true

          - job_name: windows
            os: windows-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            gotags: cmount
            cgo: '0'
            build_flags: '-include "^windows/"'
@@ -78,7 +78,7 @@ jobs:

          - job_name: other_os
            os: ubuntu-latest
-            go: '~1.25.8'
+            go: '~1.25.9'
            build_flags: '-exclude "^(windows/|darwin/|linux/)"'
            compile_all: true
            deploy: true
@@ -218,7 +218,7 @@ jobs:
        id: setup-go
        uses: actions/setup-go@v6
        with:
-          go-version: '~1.25.8'
+          go-version: '~1.25.9'
          check-latest: true
          cache: false

@@ -309,7 +309,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
-          go-version: '~1.25.8'
+          go-version: '~1.25.9'

      - name: Set global environment variables
        run: |