Bump sigstore/timestamp-authority to v2.0.3+ to fix CVE-2025-66564

## Summary

CVE-2025-66564: Sigstore Timestamp Authority DoS via excessive OID or Content-Type header parsing.

## Current State

- main: v1.2.9
- release-v0.42.0: v1.2.8
- release-v0.37.2: v1.2.2

## Required

Bump `github.com/sigstore/timestamp-authority` to v2.0.3+.

## References

- https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh
- https://nvd.nist.gov/vuln/detail/CVE-2025-66564

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump sigstore/timestamp-authority to v2.0.3+ to fix CVE-2025-66564 #2717

Summary

Current State

Required

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bump sigstore/timestamp-authority to v2.0.3+ to fix CVE-2025-66564 #2717

Description

Summary

Current State

Required

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions