[PR #568] fix(sec): upgrade golang.org/x/crypto to 0.17.0 #494

Open
opened 2026-02-25 22:33:40 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/FiloSottile/mkcert/pull/568
Author: @suguds
Created: 2/1/2024
Status: 🔄 Open

Base: master ← Head: oscs_fix_cmtg9soau51oj0c3u3d0


📝 Commits (1)

  • 3cf345c update golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 to 0.17.0

📊 Changes

2 files changed (+7 additions, -3 deletions)

📝 go.mod (+3 -3)
📝 go.sum (+4 -0)

📄 Description

What happened?

There is 1 security vulnerability found in golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29

  • CVE-2023-48795 (https://www.oscs1024.com/hd/CVE-2023-48795)

What did I do?

Upgrade golang.org/x/crypto from v0.0.0-20220331220935-ae2d96664a29 to 0.17.0 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions (https://github.com/murphysecurity/actions) configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification (https://www.oscs1024.com/docs/pr-specification/) from OSCS


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
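The version floor this PR sets, as an added example (not code from mkcert, OSCS or murphysec): a CI-style check that a go.mod pins golang.org/x/crypto at or above v0.17.0 and treats the pseudo-version the PR replaces as older. The function names and the sample go.mod are constructed for illustration; only require entries are read, so replace and exclude directives are assumed absent.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and fixed version are the ones named in this PR.
const module, floor = "golang.org/x/crypto", "v0.17.0"

// below reports whether version v sorts before the release lo ("vX.Y.Z").
// A pre-release, which includes pseudo-versions such as
// v0.0.0-20220331220935-ae2d96664a29, sorts before the release with the same X.Y.Z.
func below(v, lo string) (bool, error) {
	var a, b [3]int
	v, _, _ = strings.Cut(v, "+") // drop build metadata such as +incompatible
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2]); err != nil {
		return false, fmt.Errorf("not a semantic version: %q", v)
	}
	if _, err := fmt.Sscanf(lo, "v%d.%d.%d", &b[0], &b[1], &b[2]); err != nil {
		return false, err
	}
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i], nil
		}
	}
	return strings.Contains(v, "-"), nil
}

// check finds module in a go.mod's require lines and reports if it is below floor.
func check(gomod string) (version string, vulnerable bool, err error) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == module && strings.HasPrefix(f[1], "v") {
			vulnerable, err = below(f[1], floor)
			return f[1], vulnerable, err
		}
	}
	return "", false, nil
}

// sample is a constructed go.mod fragment, not the project's real file.
const sample = "module example.test/demo\n\nrequire (\n\tgolang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect\n)\n"

func main() {
	v, bad, err := check(sample)
	fmt.Println(v, bad, err)
}
```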