CVE-2025-44005

### Issue Details

The latest stable release (2.10.2)  still pulls in the vulnerable [github.com/smallstep/certificates](https://github.com/smallstep/certificates) dependency. [Details here](https://www.wiz.io/vulnerability-database/cve/cve-2025-44005).

The fix is already available on the main branch: 8a87bb3ffb8706bbfcaada1d52008a8eb07ad790

Is a security release 2.10.3 required or is this vulnerability not exploitable in caddy? Thanks for clarifying this.

### Assistance Disclosure

AI not used

### If AI was used, describe the extent to which it was used.

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2025-44005 #7420

Issue Details

Assistance Disclosure

If AI was used, describe the extent to which it was used.

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

CVE-2025-44005 #7420

Description

Issue Details

Assistance Disclosure

If AI was used, describe the extent to which it was used.

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions