mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: bump openbao 2.5.0→2.5.1 (CVE-2026-24051 otel/sdk PATH hijack) #589

Merged
jason.woltje merged 1 commits from fix/openbao-otel-cve into main 2026-03-01 03:14:50 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
jason.woltje commented 2026-03-01 02:48:01 +00:00
Owner
Copy Link

Trivy flagged go.opentelemetry.io/otel/sdk v1.39.0 (HIGH) in the OpenBao binary.

Fixed in otel/sdk v1.40.0, which is included in openbao 2.5.1.

One-line Dockerfile change.

Trivy flagged `go.opentelemetry.io/otel/sdk v1.39.0` (HIGH) in the OpenBao binary. Fixed in otel/sdk v1.40.0, which is included in openbao 2.5.1. One-line Dockerfile change.
jason.woltje added 1 commit 2026-03-01 02:48:01 +00:00
fix: bump openbao base image 2.5.0→2.5.1 (CVE-2026-24051)
All checks were successful
ci/woodpecker/push/infra Pipeline was successful
Details
067e1015dd 
go.opentelemetry.io/otel/sdk v1.39.0 had PATH hijacking vulnerability.
Fixed in otel/sdk v1.40.0, included in openbao 2.5.1.
jason.woltje merged commit 7073057e8d into main 2026-03-01 03:14:50 +00:00
jason.woltje deleted branch fix/openbao-otel-cve 2026-03-01 03:14:50 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
ai
AI/LLM integration
 api
Backend/API work
 api
auth
Authentication
 database
database
Database/schema work
 devops
Docker/deployment
 docs
Documentation
 frontend
graph
knowledge-module
migration
Data migration
 orchestrator
Orchestrator service (apps/orchestrator/)
 p0
Critical priority
 p1
High priority
 p2
Medium priority
 p3
Low priority
 performance
Performance work
 phase-1
phase-2
phase-3
phase-4
phase-5
plugin
MoltBot plugin work
 search
security
Security-related
 setup
Initial setup
 testing
Testing/QA
 web
Frontend work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaic/stack#589
Delete Branch "fix/openbao-otel-cve"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?