When Will CVE-2025-47913 Fix in Main Branch Be Released? #8567

yijsap · 2025-11-24T18:20:41Z

yijsap
Nov 24, 2025

We use the NGINX Kubernetes Ingress Controller (nginx/kubernetes-ingress) v5.2.1. Our security scanner flagged CVE-2025-47913, which is a vulnerability in the Go package golang.org/x/crypto/ssh/agent (versions < 0.43.0). Your main branch already uses v0.45.0, which I assume can address this CVE.

Questions:

Is there a planned release that includes this dependency update so that it will be included in a formal release version?
If a release timeline is not fixed, would building from main be the recommended approach for immediate mitigation?

Thank you for your guidance!

haywoodsh · 2025-11-25T18:10:15Z

haywoodsh
Nov 25, 2025
Collaborator

Hi @yijsap
The code in the main branch will be included in the next release.
This project is released quarterly, so you can expect a new version in the coming weeks.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

When Will CVE-2025-47913 Fix in Main Branch Be Released? #8567

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

When Will CVE-2025-47913 Fix in Main Branch Be Released? #8567

Uh oh!

yijsap Nov 24, 2025

Replies: 1 comment

Uh oh!

haywoodsh Nov 25, 2025 Collaborator

yijsap
Nov 24, 2025

haywoodsh
Nov 25, 2025
Collaborator