Skip to content

Security: Request new release to fix critical CVEs in odo 3.16.1 dependencies #7314

New issue
New issue
Open
Open
Security: Request new release to fix critical CVEs in odo 3.16.1 dependencies#7314
Labels
lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/*` and requires one.
@p13rr0m

Description

@p13rr0m
p13rr0m
opened on Oct 14, 2025

Hello,

Our ACS scan reports critical CVEs in odo v3.16.1:

  • CVE-2024-41110github.com/docker/docker v20.10.24, fixed in 23.0.15
  • CVE-2025-21613 / 21614github.com/go-git/go-git/v5 v5.11.0, fixed in 5.13.0

Binary source:
https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/odo/v3.16.1/odo-linux-amd64

Could you please update these dependencies and publish a new odo release that includes the security fixes?

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    lifecycle/staleDenotes an issue or PR has remained open with no activity and has become stale.needs-triageIndicates an issue or PR lacks a `triage/*` and requires one.

    Type

    No type

    Projects

    odo Project

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions