To update the prebuilt executable you can run `./pocketbase update`.

- Upgraded `golang.org/x/net` to 0.33.0 to fix CVE-2024-45338.
  PocketBase uses the vulnerable functions primarily for the auto html->text mail generation, but most applications shouldn't be affected unless you are manually embedding unrestricted user-provided values in your mail templates.

If you are extending PocketBase with Go and upgrading with `go get -u`, make sure to manually set the `modernc.org/libc` indirect dependency in your go.mod to v1.55.3, i.e. the exact same version the `modernc.org/sqlite` driver is using.
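
One way to check a project's go.mod against the two version requirements above, as an added example (not PocketBase code). The sample go.mod excerpt and its versions are constructed, `parseRequires` and `checkGoMod` are hypothetical helper names, and the check assumes no `replace` directives override the listed versions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod excerpt of a hypothetical app; both versions are made up.
const sampleGoMod = `require (
	golang.org/x/net v0.30.0 // indirect
	modernc.org/libc v1.61.0 // indirect
)`

// parseRequires maps module path to version for single-line and block require directives.
func parseRequires(gomod string) map[string]string {
	reqs, inBlock := map[string]string{}, false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // drop comments
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require":
			reqs[f[1]] = f[2]
		case inBlock && len(f) == 2:
			reqs[f[0]] = f[1]
		}
	}
	return reqs
}

// checkGoMod lists the pins from the release note that this go.mod misses.
func checkGoMod(gomod string) (findings []string) {
	reqs := parseRequires(gomod)
	if v, ok := reqs["golang.org/x/net"]; ok {
		var major, minor, patch int // any suffix after the patch number is ignored
		if n, _ := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch); n != 3 || (major == 0 && minor < 33) {
			findings = append(findings, "golang.org/x/net "+v+": need >= v0.33.0 (CVE-2024-45338)")
		}
	}
	if v, ok := reqs["modernc.org/libc"]; ok && v != "v1.55.3" {
		findings = append(findings, "modernc.org/libc "+v+": pin to v1.55.3")
	}
	return findings
}

func main() { fmt.Println(strings.Join(checkGoMod(sampleGoMod), "\n")) }
```

A module that is absent from go.mod produces no finding, so an empty result only covers the modules that are actually listed.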