Skip to content

Backport fixes for CVE-2025-67721#309

Merged
electrum merged 2 commits intoairlift:release-2.xfrom
ali-ince:backport-cve-2025-67721
Feb 24, 2026
Merged

Backport fixes for CVE-2025-67721#309
electrum merged 2 commits intoairlift:release-2.xfrom
ali-ince:backport-cve-2025-67721

Conversation

@ali-ince
Copy link

@ali-ince ali-ince commented Dec 17, 2025

Hello, I'd like to raise a PR that backports #306 and #307 to the 2.x branch with a follow-up action of releasing a 2.0.3.

@YanivKunda
Copy link

YanivKunda commented Dec 24, 2025

I'd like to also point out my PR #312 to be before releasing a 2.0.3 for a couple of more CVEs.

@jkalq jkalq mentioned this pull request Jan 7, 2026
Closed
@tlopesPT tlopesPT mentioned this pull request Jan 9, 2026
Closed
@lhotari lhotari mentioned this pull request Jan 23, 2026
Closed
@philippe-granet philippe-granet mentioned this pull request Feb 2, 2026
Merged
@olegbonar
Copy link

olegbonar commented Feb 5, 2026

Also interested in this. @dain @electrum could you jump in for the review please?

@lhotari
Copy link

lhotari commented Feb 10, 2026

Also looking forward to a 2.0.3 release with this fix. We'd need it for Apache Pulsar.

@kevincai kevincai mentioned this pull request Feb 11, 2026
Closed
@kevincai
Copy link

kevincai commented Feb 11, 2026

any tentative date for the v2.0.3 out with the fix?

@selvakn selvakn mentioned this pull request Feb 19, 2026
Closed
@rmoff rmoff mentioned this pull request Feb 20, 2026
Open
@jbachorik
Copy link

jbachorik commented Feb 23, 2026

Hello, would it be possible to get some clear messaging about what is the plan and the timeline, please?

Apparently, this is biting a bunch not-so-low-profile projects as well as our tracer (DataDog/dd-trace-java#10633). A timeline would be greatly appreciated, so we can adjust our expectations.

Thanks very much in advance!

@rmoff
Copy link

rmoff commented Feb 24, 2026

@wendigo thanks for merging this. Do you know what the plans are for a release of v2.0.3 that would include this?

@wendigo
Copy link
Contributor

wendigo commented Feb 24, 2026

@rmoff I can't merge it. I've asked @martint to do it

@electrum electrum merged commit 35152dc into airlift:release-2.x Feb 24, 2026
@electrum
Copy link
Member

electrum commented Feb 24, 2026

We just released 2.0.3. Thanks to @wendigo for adding the release automation.

@jbachorik
Copy link

jbachorik commented Feb 24, 2026

🎁 Thank you very much to everyone involved! Hugely appreciated!

@jbachorik jbachorik mentioned this pull request Feb 24, 2026
Merged
@lhotari
Copy link

lhotari commented Feb 24, 2026

I submitted a modification to the advisory here: github/advisory-database#7065

@melissalinkert melissalinkert mentioned this pull request Feb 24, 2026
Closed
@Dilli-Babu-Godari Dilli-Babu-Godari mentioned this pull request Feb 25, 2026
Closed
@ali-ince ali-ince deleted the backport-cve-2025-67721 branch March 5, 2026 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@electrum electrum electrum approved these changes

+2 more reviewers

@wendigo wendigo wendigo approved these changes

@kevincai kevincai kevincai approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@ali-ince @YanivKunda @olegbonar @lhotari @kevincai @jbachorik @rmoff @wendigo @electrum