What's Changed
This patch addresses multiple CVEs in Go dependencies and updates the Elasticsearch image:
- Bump
golang.org/x/cryptov0.37.0 → v0.45.0 (GO-2025-4116, GO-2025-4134, GO-2025-4135) - Bump
golang.org/x/netv0.39.0 → v0.47.0 (GO-2026-4440, GO-2026-4441) - Bump Go 1.24.5 → 1.24.13 for stdlib CVE fixes (crypto/tls, crypto/x509)
- Bump Elasticsearch image to 8.5.0 (#9497)
Full Changelog: v1.28.2...v1.28.3
Helpful links to get you started with Temporal
Temporal Docs
Server
Docker Compose
Helm Chart
Docker images for this release
Server (use the tag 1.28.3)
Server With Auto Setup (what is Auto-Setup?)
Admin-Tools