You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We use the NGINX Kubernetes Ingress Controller (nginx/kubernetes-ingress) v5.2.1. Our security scanner flagged CVE-2025-47913, which is a vulnerability in the Go package golang.org/x/crypto/ssh/agent (versions < 0.43.0). Your main branch already uses v0.45.0, which I assume can address this CVE.
Questions:
Is there a planned release that includes this dependency update so that it will be included in a formal release version?
If a release timeline is not fixed, would building from main be the recommended approach for immediate mitigation?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
We use the NGINX Kubernetes Ingress Controller (nginx/kubernetes-ingress) v5.2.1. Our security scanner flagged CVE-2025-47913, which is a vulnerability in the Go package golang.org/x/crypto/ssh/agent (versions < 0.43.0). Your main branch already uses v0.45.0, which I assume can address this CVE.
Questions:
Thank you for your guidance!
Beta Was this translation helpful? Give feedback.
All reactions