github pulumi/pulumi-aws v6.83.4
on GitHub

latest release: sdk/v6.83.4
9 hours ago

Address reported CVEs via Go toolchain and dependency bumps 

Go toolchain -> 1.25.7 (provider/go.mod, sdk/go.mod) resolves the stdlib CVEs:
- CVE-2025-68121  crypto/tls session-resumption certificate validation bypass
- CVE-2025-61726  net/http Request.ParseForm unbounded query params (DoS)
- CVE-2025-61728  archive/zip super-linear filename indexing (DoS)
- CVE-2025-61730  crypto/tls 1.3 handshake cross-level info disclosure
- CVE-2025-61731  cmd/go cgo pkg-config --log-file arbitrary file write
- CVE-2025-61732  cmd/cgo doc-comment code smuggling

cloudflare/circl -> v1.6.3 resolves CVE-2026-1229 (CIRCL p384 CombinedMult).
go-git/go-git/v5 -> v5.16.5 resolves CVE-2026-25934 (go-git packfile integrity).

go-git v5.16.5 requires Go 1.24, so the sdk go directive rises 1.23.0 -> 1.24.0.
Check out latest releases or
releases around pulumi/pulumi-aws v6.83.4

Don't miss a new pulumi-aws release

NewReleases is sending notifications on new releases.

Get notifications