
fix: CVE-2025-66506 - upgrade cosign to 2.6.2 #2744

Merged
tekton-robot merged 1 commit into tektoncd:release-v0.43.0 from infernus01:CVE-2025-66506
Feb 26, 2026

@infernus01
Member

infernus01 commented Feb 25, 2026

Changes

Scope of this fix is to address CVE-2025-66506 by upgrading cosign from version 2.6.0 to 2.6.2, which has an indirect dependency on fulcio 1.8.4, and the Go version to 1.25.6.

/kind bug
part of #2716

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you review them:

  • Includes tests (if functionality changed/added)
  • Run the code checkers with make check
  • Regenerate the manpages, docs and go formatting with make generated
  • Commit messages follow commit message best practices

See the contribution guide for more details.

Release Notes

@tekton-robot tekton-robot added kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Feb 25, 2026
@tekton-robot tekton-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Feb 25, 2026
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@pramodbindal
Member

lgtm

@pratap0007
Contributor

/lgtm
/approve

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 26, 2026
@tekton-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pratap0007

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 26, 2026
@tekton-robot tekton-robot merged commit 67b6b60 into tektoncd:release-v0.43.0 Feb 26, 2026
9 checks passed