This update for gosec fixes the following issues:
- Update to version 2.26.1:
* Update cosign to v3.0.6 (#1659)
* Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
* Update all dependencies (#1657)
* Add G710 rule for open redirect via taint analysis (#1654)
* Fix formatting
* Update the default models used by autofix and phase out the older models
* Format and clean-up the README
* Add HTTP file-serving function to the sinks of pathtraversal analyzer
(#1647)
* Skip flagging the TLS min version for go 1.18+ (#1646)
* chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0
(#1645)
* Added filepath.Abs as a sanitizer (#1643)
* Allow rune to byte conversion (#1642)
* Allow platform specific conversions (#1641)
* chore(deps): update all dependencies (#1639)
* chore(deps): update all dependencies (#1634)
* chore(go): update supported Go versions to 1.25.9 and...
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-167=1
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
gosec-2.26.1-bp157.2.6.1
https://www.suse.com/security/cve/CVE-2025-22891.html