Releases: streamnative/pulsarctl
v4.2.0-SNAPSHOT
Add namespace-level inactive topic policies commands (#2004)
v4.1.3.2
v4.1.3.1
Add namespace-level inactive topic policies commands (#2004)
v4.0.9.3
Add namespace-level inactive topic policies commands (#2004)
v4.0.9.2
Add namespace-level inactive topic policies commands (#2004)
v4.1.0.16: fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity vulnerability CVE-2025-68121 in crypto/tls session resumption. Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3
v4.0.9.1: fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity vulnerability CVE-2025-68121 in crypto/tls session resumption. Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3
v4.0.8.8: fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)
Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity vulnerability CVE-2025-68121 in crypto/tls session resumption. Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3
v4.1.0.15: fix: patch Go stdlib CVEs in pulsarctl (update to go 1.25.5) (#1969)
* fix: patch Go stdlib CVEs in pulsarctl (update to go 1.25.5)
  - Update go.mod from go 1.25.0 to go 1.25.5
  - Fix 13 CVEs in Go stdlib:
    - CVE-2025-58183 (HIGH): archive/tar unbounded allocation
    - CVE-2025-61729 (HIGH): crypto/x509 denial of service
    - CVE-2025-47910 (MEDIUM): net/http CrossOriginProtection bypass
    - CVE-2025-47912 (MEDIUM): net/url insufficient IPv6 validation
    - CVE-2025-58185 (MEDIUM): encoding/asn1 memory exhaustion
    - CVE-2025-58186 (MEDIUM): net/http cookie parsing limit
    - CVE-2025-58187 (MEDIUM): crypto/x509 quadratic complexity
    - CVE-2025-58188 (MEDIUM): crypto/x509 panic with DSA keys
    - CVE-2025-58189 (MEDIUM): crypto/tls ALPN error info leak
    - CVE-2025-61723 (MEDIUM): encoding/pem quadratic complexity
    - CVE-2025-61724 (MEDIUM): net/textproto excessive CPU
    - CVE-2025-61725 (MEDIUM): net/mail excessive CPU
    - CVE-2025-61727 (MEDIUM): crypto/x509 wildcard SANs restriction

  Fixed in Go 1.25.5
  Related: streamnative/eng-support-tickets#3619
* fix: update setup-go action to v5 for Go 1.25 compatibility
  - Update actions/setup-go from v1 to v5 in ci-trivy.yml
  - setup-go@v1 does not support Go 1.25.x versions
  - This fixes the 'Set up Go 1.25' step failure in CI
v4.0.8.7: fix: patch Go stdlib CVEs in pulsarctl (update to go 1.25.5) (#1969)
* fix: patch Go stdlib CVEs in pulsarctl (update to go 1.25.5)
  - Update go.mod from go 1.25.0 to go 1.25.5
  - Fix 13 CVEs in Go stdlib:
    - CVE-2025-58183 (HIGH): archive/tar unbounded allocation
    - CVE-2025-61729 (HIGH): crypto/x509 denial of service
    - CVE-2025-47910 (MEDIUM): net/http CrossOriginProtection bypass
    - CVE-2025-47912 (MEDIUM): net/url insufficient IPv6 validation
    - CVE-2025-58185 (MEDIUM): encoding/asn1 memory exhaustion
    - CVE-2025-58186 (MEDIUM): net/http cookie parsing limit
    - CVE-2025-58187 (MEDIUM): crypto/x509 quadratic complexity
    - CVE-2025-58188 (MEDIUM): crypto/x509 panic with DSA keys
    - CVE-2025-58189 (MEDIUM): crypto/tls ALPN error info leak
    - CVE-2025-61723 (MEDIUM): encoding/pem quadratic complexity
    - CVE-2025-61724 (MEDIUM): net/textproto excessive CPU
    - CVE-2025-61725 (MEDIUM): net/mail excessive CPU
    - CVE-2025-61727 (MEDIUM): crypto/x509 wildcard SANs restriction

  Fixed in Go 1.25.5
  Related: streamnative/eng-support-tickets#3619
* fix: update setup-go action to v5 for Go 1.25 compatibility
  - Update actions/setup-go from v1 to v5 in ci-trivy.yml
  - setup-go@v1 does not support Go 1.25.x versions
  - This fixes the 'Set up Go 1.25' step failure in CI