Skip to content

[cherry-pick v20260318] fix(security): bump Go to 1.25.10 and golang.org/x/net to v0.55.0#8556

Open
djsly wants to merge 1 commit into
official/v20260318from
djsly/icm-796913379-cve-go-1.25.10-v20260318
Open

[cherry-pick v20260318] fix(security): bump Go to 1.25.10 and golang.org/x/net to v0.55.0#8556
djsly wants to merge 1 commit into
official/v20260318from
djsly/icm-796913379-cve-go-1.25.10-v20260318

Conversation

@djsly
Copy link
Copy Markdown
Collaborator

@djsly djsly commented May 22, 2026
edited
Loading

Summary

Cherry-pick of #8551 to official/vv20260318.

Bumps the Go toolchain and golang.org/x/net to address upstream CVEs:

Vulnerability CVE Component Fixed by
net/mail DoS via crafted addresses CVE-2026-39820 net/mail (stdlib) Go 1.25.10
cmd/go pack subcommand directory traversal CVE-2026-39817 cmd/go (stdlib) Go 1.25.10
HTTP/2 + IPv6 host parsing fixes (various, see x/net release notes) golang.org/x/net v0.55.0

Why bump to Go 1.25 (and not a 1.24.x patch)

Go 1.24 reached EOL in February 2026 and does NOT receive security backports. go1.25.10 is the only release stream that contains these fixes.

golang.org/x/net v0.51.0+ also requires go 1.25.0 in its own go.mod, so the Go bump is required regardless.

Verification

  • go mod tidy succeeds for every module in the branch.
  • go build ./... clean across every module.
  • PR CI must pull go 1.25 runners.

Release plan

Once merged, two tags are pushed off the resulting commit:

  • v0.v20260318.<N+1> (AgentBaker module)
  • aks-node-controller/v0.v20260318.<N+1> (aks-node-controller submodule)

🤖 Generated with GitHub Copilot CLI

@djsly
fix(security): bump Go to 1.25.10 and x/net to v0.55.0
4883fda 
IcM 796913379

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 22, 2026 17:16
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 22, 2026

Changes cached containers or packages on windows VHDs

Please get a Windows SIG member to approve.

The following dif file shows any additions or deletions from what will be cached on windows VHDs organised by VHD type.

  • Additions are new things cached.
  • Deletions are things no longer cached.
diff --git a/vhd_files/2022-containerd-gen2.txt b/vhd_files/2022-containerd-gen2.txt
index 88166c3..1bdb68f 100644
--- a/vhd_files/2022-containerd-gen2.txt
+++ b/vhd_files/2022-containerd-gen2.txt
@@ -4 +4 @@ c:\akse-cache\: https://packages.aks.azure.com/ccgakvplugin/v1.1.5/binaries/wind
-c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.1.2/windows-amd64.zip
+c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.0.2/windows-amd64.zip
@@ -28,2 +28,3 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.32.12/windo
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.10/windowszip/v1.33.10-1int.zip
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.11/windowszip/v1.33.11-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.7/windowszip/v1.33.7-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.8/windowszip/v1.33.8-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.3/windowszip/v1.34.3-1int.zip
@@ -31 +31,0 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.4/window
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.7/windowszip/v1.34.7-1int.zip
@@ -44 +43,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\14
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1491587726=1
@@ -69 +67,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\36
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\3658215055=1
@@ -76 +73,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\41
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\4173449358=1
@@ -106,3 +103,3 @@ mcr.microsoft.com/containernetworking/azure-cni:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cni:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.8.1-0
@@ -110,3 +107,9 @@ mcr.microsoft.com/containernetworking/azure-cns:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cns:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.8.1-0
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.12-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.9-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.8-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.3-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc
@@ -115,8 +118,5 @@ mcr.microsoft.com/oss/v2/azure/secrets-store/provider-azure:v1.7.2
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.3-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.10-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.5-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.6-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.2-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.3-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.2-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.4-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.1-windows-hp
@@ -128,3 +128,3 @@ mcr.microsoft.com/oss/v2/kubernetes-csi/secrets-store/driver:v1.5.4
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.11-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.8-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.35.3-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.3-windows-hpc-1
@@ -133,2 +133,2 @@ mcr.microsoft.com/windows/nanoserver:ltsc2022
-mcr.microsoft.com/windows/servercore:10.0.20348.5020
-mcr.microsoft.com/windows/servercore:10.0.20348.5139
+mcr.microsoft.com/windows/servercore:10.0.20348.4773
+mcr.microsoft.com/windows/servercore:10.0.20348.4893
@@ -140 +140 @@ Windows 2022-containerd-gen2 base image sku: 2022-datacenter-core-smalldisk-g2
-Windows 2022-containerd-gen2 base version: 20348.5139.260507
+Windows 2022-containerd-gen2 base version: 20348.4893.260303
diff --git a/vhd_files/2022-containerd.txt b/vhd_files/2022-containerd.txt
index b3f76e6..7508d96 100644
--- a/vhd_files/2022-containerd.txt
+++ b/vhd_files/2022-containerd.txt
@@ -4 +4 @@ c:\akse-cache\: https://packages.aks.azure.com/ccgakvplugin/v1.1.5/binaries/wind
-c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.1.2/windows-amd64.zip
+c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.0.2/windows-amd64.zip
@@ -28,2 +28,3 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.32.12/windo
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.10/windowszip/v1.33.10-1int.zip
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.11/windowszip/v1.33.11-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.7/windowszip/v1.33.7-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.8/windowszip/v1.33.8-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.3/windowszip/v1.34.3-1int.zip
@@ -31 +31,0 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.4/window
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.7/windowszip/v1.34.7-1int.zip
@@ -44 +43,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\14
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1491587726=1
@@ -69 +67,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\36
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\3658215055=1
@@ -76 +73,0 @@ HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\41
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\4173449358=1
@@ -106,3 +103,3 @@ mcr.microsoft.com/containernetworking/azure-cni:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cni:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.8.1-0
@@ -110,3 +107,9 @@ mcr.microsoft.com/containernetworking/azure-cns:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cns:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.8.1-0
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.12-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.9-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.8-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.3-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc
@@ -115,8 +118,5 @@ mcr.microsoft.com/oss/v2/azure/secrets-store/provider-azure:v1.7.2
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.3-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.10-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.5-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.6-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.2-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.3-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.2-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.4-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.1-windows-hp
@@ -128,3 +128,3 @@ mcr.microsoft.com/oss/v2/kubernetes-csi/secrets-store/driver:v1.5.4
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.11-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.8-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.35.3-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.3-windows-hpc-1
@@ -133,2 +133,2 @@ mcr.microsoft.com/windows/nanoserver:ltsc2022
-mcr.microsoft.com/windows/servercore:10.0.20348.5020
-mcr.microsoft.com/windows/servercore:10.0.20348.5139
+mcr.microsoft.com/windows/servercore:10.0.20348.4773
+mcr.microsoft.com/windows/servercore:10.0.20348.4893
@@ -140 +140 @@ Windows 2022-containerd base image sku: 2022-Datacenter-Core-smalldisk
-Windows 2022-containerd base version: 20348.5139.260507
+Windows 2022-containerd base version: 20348.4893.260303
diff --git a/vhd_files/2025-gen2.txt b/vhd_files/2025-gen2.txt
index 7baa7a5..01dd2a6 100644
--- a/vhd_files/2025-gen2.txt
+++ b/vhd_files/2025-gen2.txt
@@ -4 +4 @@ c:\akse-cache\: https://packages.aks.azure.com/ccgakvplugin/v1.1.5/binaries/wind
-c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.1.2/windows-amd64.zip
+c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.0.2/windows-amd64.zip
@@ -15 +14,0 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
-c:\akse-cache\wcn\: mcr.microsoft.com/wcn/package:1.7.0-cpu-arch
@@ -26,2 +25,3 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.32.12/windo
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.10/windowszip/v1.33.10-1int.zip
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.11/windowszip/v1.33.11-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.7/windowszip/v1.33.7-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.8/windowszip/v1.33.8-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.3/windowszip/v1.34.3-1int.zip
@@ -29 +28,0 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.4/window
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.7/windowszip/v1.34.7-1int.zip
@@ -32,2 +30,0 @@ c:\akse-cache\win-vnet-cni\: https://packages.aks.azure.com/azure-cni/v1.6.21/bi
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1451608719=1
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1861198479=1
@@ -36,3 +33,3 @@ mcr.microsoft.com/containernetworking/azure-cni:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cni:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.8.1-0
@@ -40,3 +37,9 @@ mcr.microsoft.com/containernetworking/azure-cns:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cns:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.8.1-0
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.12-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.9-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.8-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.3-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc
@@ -45,8 +48,5 @@ mcr.microsoft.com/oss/v2/azure/secrets-store/provider-azure:v1.7.2
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.3-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.10-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.5-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.6-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.2-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.3-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.2-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.4-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.1-windows-hp
@@ -58,3 +58,3 @@ mcr.microsoft.com/oss/v2/kubernetes-csi/secrets-store/driver:v1.5.4
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.11-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.8-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.35.3-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.3-windows-hpc-1
@@ -64,4 +64,4 @@ mcr.microsoft.com/windows/nanoserver:ltsc2025
-mcr.microsoft.com/windows/servercore:10.0.20348.5020
-mcr.microsoft.com/windows/servercore:10.0.20348.5139
-mcr.microsoft.com/windows/servercore:10.0.26100.32690
-mcr.microsoft.com/windows/servercore:10.0.26100.32860
+mcr.microsoft.com/windows/servercore:10.0.20348.4773
+mcr.microsoft.com/windows/servercore:10.0.20348.4893
+mcr.microsoft.com/windows/servercore:10.0.26100.32370
+mcr.microsoft.com/windows/servercore:10.0.26100.32522
@@ -71,2 +70,0 @@ mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025
-Windows 2025-gen2 base image offer: WindowsServer
-Windows 2025-gen2 base image publisher: MicrosoftWindowsServer
@@ -74 +72 @@ Windows 2025-gen2 base image sku: 2025-datacenter-core-smalldisk-g2
-Windows 2025-gen2 base version: 26100.32860.260510
+Windows 2025-gen2 base version: 26100.32522.260306
diff --git a/vhd_files/2025.txt b/vhd_files/2025.txt
index f747f05..d4a8ed1 100644
--- a/vhd_files/2025.txt
+++ b/vhd_files/2025.txt
@@ -4 +4 @@ c:\akse-cache\: https://packages.aks.azure.com/ccgakvplugin/v1.1.5/binaries/wind
-c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.1.2/windows-amd64.zip
+c:\akse-cache\aks-secure-tls-bootstrap-client\: https://github.com/Azure/aks-secure-tls-bootstrap/releases/download/client/v1.0.2/windows-amd64.zip
@@ -15 +14,0 @@ c:\akse-cache\csi-proxy\: https://packages.aks.azure.com/csi-proxy/v1.1.2-hotfix
-c:\akse-cache\wcn\: mcr.microsoft.com/wcn/package:1.7.0-cpu-arch
@@ -26,2 +25,3 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.32.12/windo
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.10/windowszip/v1.33.10-1int.zip
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.11/windowszip/v1.33.11-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.7/windowszip/v1.33.7-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.33.8/windowszip/v1.33.8-1int.zip
+c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.3/windowszip/v1.34.3-1int.zip
@@ -29 +28,0 @@ c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.4/window
-c:\akse-cache\win-k8s\: https://packages.aks.azure.com/kubernetes/v1.34.7/windowszip/v1.34.7-1int.zip
@@ -32,2 +30,0 @@ c:\akse-cache\win-vnet-cni\: https://packages.aks.azure.com/azure-cni/v1.6.21/bi
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1451608719=1
-HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FeatureManagement\Overrides\1861198479=1
@@ -36,3 +33,3 @@ mcr.microsoft.com/containernetworking/azure-cni:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cni:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cni:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cni:v1.8.1-0
@@ -40,3 +37,9 @@ mcr.microsoft.com/containernetworking/azure-cns:v1.5.50
-mcr.microsoft.com/containernetworking/azure-cns:v1.6.43-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.7.16-0
-mcr.microsoft.com/containernetworking/azure-cns:v1.8.6-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.6.35-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.7.9-0
+mcr.microsoft.com/containernetworking/azure-cns:v1.8.1-0
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.12-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.9-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.8-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.3-windows-hpc
+mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc
@@ -45,8 +48,5 @@ mcr.microsoft.com/oss/v2/azure/secrets-store/provider-azure:v1.7.2
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.3-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.10-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.9-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.5-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.6-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.2-windows-hp
-mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.3-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azuredisk-csi:v1.34.2-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.33.8-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.34.4-windows-hp
+mcr.microsoft.com/oss/v2/kubernetes-csi/azurefile-csi:v1.35.1-windows-hp
@@ -58,3 +58,3 @@ mcr.microsoft.com/oss/v2/kubernetes-csi/secrets-store/driver:v1.5.4
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.11-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.8-windows-hpc-1
-mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.35.3-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.32.11-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.33.6-windows-hpc-1
+mcr.microsoft.com/oss/v2/kubernetes/azure-cloud-node-manager:v1.34.3-windows-hpc-1
@@ -64,4 +64,4 @@ mcr.microsoft.com/windows/nanoserver:ltsc2025
-mcr.microsoft.com/windows/servercore:10.0.20348.5020
-mcr.microsoft.com/windows/servercore:10.0.20348.5139
-mcr.microsoft.com/windows/servercore:10.0.26100.32690
-mcr.microsoft.com/windows/servercore:10.0.26100.32860
+mcr.microsoft.com/windows/servercore:10.0.20348.4773
+mcr.microsoft.com/windows/servercore:10.0.20348.4893
+mcr.microsoft.com/windows/servercore:10.0.26100.32370
+mcr.microsoft.com/windows/servercore:10.0.26100.32522
@@ -71,2 +70,0 @@ mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2025
-Windows 2025 base image offer: WindowsServer
-Windows 2025 base image publisher: MicrosoftWindowsServer
@@ -74 +72 @@ Windows 2025 base image sku: 2025-datacenter-core-smalldisk
-Windows 2025 base version: 26100.32860.260510
+Windows 2025 base version: 26100.32522.260306

Copilot AI reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Backports a security remediation to the official/v20260318 branch by updating the Go toolchain requirement and bumping golang.org/x/net (and related x/* deps via tidy), along with aligning CI workflows to Go 1.25.

Changes:

  • Bump all repo Go modules from go 1.24.12 to go 1.25.10.
  • Update golang.org/x/net to v0.55.0 (and refresh go.sum for related x/* dependencies).
  • Update GitHub Actions workflows to use Go 1.25; adjust an e2e panic message formatting to satisfy go vet.

Reviewed changes

Copilot reviewed 15 out of 18 changed files in this pull request and generated 9 comments.

Show a summary per file
File Description
go.mod Updates root module Go version and indirect golang.org/x/* versions.
go.sum Refreshes root module dependency checksums after tidy/resolution changes.
e2e/go.mod Updates e2e module Go version and bumps x/crypto, x/net, etc.
e2e/go.sum Refreshes e2e module dependency checksums after tidy/resolution changes.
e2e/config/config.go Adjusts panic formatting for go vet compatibility (message construction).
aks-node-controller/go.mod Updates aks-node-controller module Go version and indirect deps.
aks-node-controller/go.sum Refreshes aks-node-controller dependency checksums.
vhdbuilder/lister/go.mod Updates Go version for the lister submodule.
vhdbuilder/prefetch/go.mod Updates Go version for the prefetch submodule.
image-fetcher/go.mod Updates Go version for the image-fetcher submodule.
hack/tools/go.mod Updates Go version for the tools submodule.
.github/workflows/check-coverage.yml Bumps CI Go version to 1.25 for coverage job.
.github/workflows/copilot-setup-steps.yml Bumps setup Go version to 1.25 for Copilot setup workflow.
.github/workflows/go-test.yml Bumps CI Go version to 1.25 for unit tests.
.github/workflows/golangci-lint.yml Bumps CI Go version to 1.25 for lint job.
.github/workflows/shellcheck.yml Bumps CI Go version to 1.25 for shellcheck workflow.
.github/workflows/shellspec.yaml Bumps CI Go version to 1.25 for shellspec workflow.
.github/workflows/validate-components.yml Bumps CI Go version to 1.25 for components validation/version consistency jobs.

Comment thread e2e/config/config.go
Comment on lines 181 to 184
privateKeyFileName, err := writePrivateKeyToTempFile(privatePEMBytes)
if err != nil {
panic(fmt.Sprintf("failed to write private key to temp file: %w", err))
panic(fmt.Sprintf("failed to write private key to temp file: %v", err))
}
Comment thread .github/workflows/copilot-setup-steps.yml
Comment on lines 31 to +33
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/go-test.yml
Comment on lines 9 to +11
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/golangci-lint.yml
Comment on lines 23 to +25
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/shellcheck.yml
Comment on lines 9 to +11
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/shellspec.yaml
Comment on lines 9 to +11
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/validate-components.yml
Comment on lines 10 to +12
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/validate-components.yml
Comment on lines 47 to +49
- uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
Comment thread .github/workflows/check-coverage.yml
Comment on lines 15 to +17
uses: actions/setup-go@v6
with:
go-version: '1.24'
go-version: '1.25'
@djsly djsly changed the title [cherry-pick v20260318] fix(security): bump Go to 1.25.10 and golang.org/x/net to v0.55.0 [IcM 796913379] [cherry-pick v20260318] fix(security): bump Go to 1.25.10 and golang.org/x/net to v0.55.0 May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Devinwong Devinwong Devinwong approved these changes

@cameronmeissner cameronmeissner Awaiting requested review from cameronmeissner cameronmeissner is a code owner

@ganeshkumarashok ganeshkumarashok Awaiting requested review from ganeshkumarashok ganeshkumarashok is a code owner

@lilypan26 lilypan26 Awaiting requested review from lilypan26 lilypan26 is a code owner

@AbelHu AbelHu Awaiting requested review from AbelHu AbelHu is a code owner

@junjiezhang1997 junjiezhang1997 Awaiting requested review from junjiezhang1997 junjiezhang1997 is a code owner

@phealy phealy Awaiting requested review from phealy phealy is a code owner

@r2k1 r2k1 Awaiting requested review from r2k1 r2k1 is a code owner

@timmy-wright timmy-wright Awaiting requested review from timmy-wright timmy-wright is a code owner

@zachary-bailey zachary-bailey Awaiting requested review from zachary-bailey zachary-bailey is a code owner

@awesomenix awesomenix Awaiting requested review from awesomenix awesomenix is a code owner

@mxj220 mxj220 Awaiting requested review from mxj220 mxj220 is a code owner

@pdamianov-dev pdamianov-dev Awaiting requested review from pdamianov-dev pdamianov-dev is a code owner

@calvin197 calvin197 Awaiting requested review from calvin197 calvin197 is a code owner

@sulixu sulixu Awaiting requested review from sulixu sulixu is a code owner

@surajssd surajssd Awaiting requested review from surajssd surajssd is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@djsly @Devinwong