GHSA-J9WF-6R2X-HQMX Centrifugo v6.6.0 dependency vulnerabilities

Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...

webtransport-go 安全漏洞

webtransport-go is an open-source Go language library developed by quic-go. Versions of webtransport-go prior to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcing a size limit on application error message fields, which could lead to excessive memo...