fix: CVE-2025-66506 - upgrade cosign to 2.6.2 #2744

Open
infernus01 wants to merge 1 commit into tektoncd:release-v0.43.0 from infernus01:CVE-2025-66506

@infernus01
Member

@infernus01 infernus01 commented Feb 25, 2026

Changes

The scope of this fix is to address CVE-2025-66506 by upgrading cosign from version 2.6.0 to 2.6.2, which has an indirect dependency on fulcio 1.8.4, and the Go version to 1.25.6.

/kind bug

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide
for more details.

Release Notes

@tekton-robot tekton-robot added kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Feb 25, 2026
@tekton-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign chmouel after the PR has been reviewed.
You can assign the PR to them by writing /assign @chmouel in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 25, 2026
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@pramodbindal
Member

lgtm
