Skip to content

Comments

NO-JIRA: Update sirupsen/logrus from v1.9.0 to v1.9.3 to fix CVE-2025-65637 [release-4.15]#2129

Open
rissh wants to merge 1 commit intoopenshift:release-4.15from
rissh:fix-CVE-2025-65637-logrus-4.15
Open

NO-JIRA: Update sirupsen/logrus from v1.9.0 to v1.9.3 to fix CVE-2025-65637 [release-4.15]#2129
rissh wants to merge 1 commit intoopenshift:release-4.15from
rissh:fix-CVE-2025-65637-logrus-4.15

Conversation

@rissh
Copy link

@rissh rissh commented Feb 19, 2026

Bumps github.com/sirupsen/logrus from v1.9.0 to v1.9.3 to address GHSA-4f99-4q7p-p3gh.
Fixes CVE-2025-65637 (DoS in logrus Entry.Writer() for payloads >64KB).

  • Bump github.com/sirupsen/logrus v1.9.0 → v1.9.3
  • Vendor updated; no code changes
  • make verify-deps passes

Downstreams will pick this up once merged.

Related PRs :

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 19, 2026
@openshift-ci-robot
Copy link

openshift-ci-robot commented Feb 19, 2026

@rissh: This pull request explicitly references no jira issue.

Details

In response to this:

Bumps github.com/sirupsen/logrus from v1.9.0 to v1.9.3 to address GHSA-4f99-4q7p-p3gh.
Fixes CVE-2025-65637 (DoS in logrus Entry.Writer() for payloads >64KB).

  • Bump github.com/sirupsen/logrus v1.9.0 → v1.9.3
  • Vendor updated; no code changes
  • make verify-deps passes

Downstreams will pick this up once merged.

Related PRs :

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from deads2k February 19, 2026 18:23
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 19, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rissh
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 19, 2026

@rissh: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@rissh
Copy link
Author

rissh commented Feb 19, 2026

Hey @p0lyn0mial @bertinatto ,
please take a look at this when you have some time. Thanks!

@rissh rissh changed the title NO-JIRA: Update sirupsen/logrus from v1.9.0 to v1.9.3 to fix CVE-2025-65637 NO-JIRA: Update sirupsen/logrus from v1.9.0 to v1.9.3 to fix CVE-2025-65637 [release-4.15] Feb 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deads2k deads2k Awaiting requested review from deads2k

Assignees

No one assigned

Labels

jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rissh @openshift-ci-robot