Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.22
Component/s: OLM
Labels:
- olmv0
- olmv1
- triaged

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    We are using OPM v1.62.0 and our scans are showing a handful of high/medium CVEs related to the go version being used. I understand that OPM currently only has access to go 1.25.3, however many of the fixes are resolved in 1.25.5/1.25.6.

Version-Release number of selected component (if applicable):

    OPM v1.62.0

Actual results:

High   CVE-2025-61729 Fixed in go 1.25.5
High   CVE-2025-61726 Fixed in go 1.25.6
Medium CVE-2025-61727 Fixed in go 1.25.5
Medium CVE-2025-61730 Fixed in go 1.25.6
Medium CVE-2025-61728 Fixed in go 1.25.6

Expected results:

All critical/high/medium CVEs related to go are resolved

Assignee:: Catherine Chan-Tse

Reporter:: Thomas Leah

Need Info From:: None

Contributors:: None

QA Contact:: bruno andrade

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2026/02/02 4:07 PM

Updated:: 2026/02/25 4:57 PM