Upgrade Go toolchain from 1.25.2 to 1.25.5 to address CVE-2025-61729

amirbenun · claude · amirbenun · commit 00dfeeb9218b · 2025-12-07T15:34:32.000+02:00
This commit upgrades the Go toolchain to version 1.25.5 to address CVE-2025-61729, a HIGH severity vulnerability in crypto/x509's HostnameError.Error() method that could lead to excessive resource consumption. While Cloudbeat is not directly affected by this vulnerability (it only impacts TLS hostname verification failures), upgrading to the patched Go version is part of standard security maintenance practices. Fixes CVE-2025-61729 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.25.4
+1.25.5
diff --git a/bin/.go-1.25.5.pkg b/bin/.go-1.25.5.pkg
diff --git a/bin/go b/bin/go
@@ -1 +1 @@
-.go-1.25.4.pkg
+.go-1.25.5.pkg
diff --git a/bin/gofmt b/bin/gofmt
@@ -1 +1 @@
-.go-1.25.4.pkg
+.go-1.25.5.pkg
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/elastic/cloudbeat
 
-go 1.25.2
+go 1.25.5
 
 require (
 	cloud.google.com/go/asset v1.21.1
