fix: upgrade to 1.24.6 to fix race in lib/pq queries (#19214) #19218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

spikecurtis merged 2 commits into release/2.25 from spike/cherry-pick-19214-v2.25

Aug 7, 2025

Contributor

spikecurtis commented Aug 7, 2025

THIS IS A SECURITY FIX - cherry picked from #19214

upgrade to go 1.24.6 to avoid golang/go#74831 (CVE-2025-47907)

Also points to a new version of our lib/pq fork that worked around the Go issue, which should restore better performance.


          fix: upgrade to 1.24.6 to fix race in lib/pq queries (#19214)

2f314c5

fixes: coder/internal#731

THIS IS A SECURITY FIX

upgrade to go 1.24.6 to avoid golang/go#74831 (CVE-2025-47907)

Also points to a new version of our lib/pq fork that worked around the Go issue, which should restore better performance.

spikecurtis self-assigned this

spikecurtis requested a review from johnstcn

August 7, 2025 10:16

johnstcn approved these changes

View reviewed changes

Member

johnstcn left a comment •

edited

Loading

Dylib build failure likely related to lacking 0d7cc5c

Created a 2.25 cherry here: #19221


          Merge branch 'release/2.25' into spike/cherry-pick-19214-v2.25

d18c5e4

spikecurtis merged commit 079328d into release/2.25

53 of 57 checks passed

spikecurtis deleted the spike/cherry-pick-19214-v2.25 branch

August 7, 2025 11:18

github-actions bot locked and limited conversation to collaborators

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet