chore(deps): update gorilla/csrf to v1.7.3 #22857

Open
ivonaest wants to merge 2 commits into goharbor:main from Nordix:fix/gorilla_csrf_update

Conversation

@ivonaest

Summary

This PR updates the github.com/gorilla/csrf dependency from v1.7.2 to v1.7.3 to address a CVE.

The gorilla/csrf library is used in production code (src/server/middleware/csrf/csrf.go) to protect Harbor's web UI from CSRF attacks. These vulnerabilities affect the core CSRF protection mechanism.
Fixes one out of two CVEs coming from gorilla/csrf.
CVE-2025-47909 remains (no fix available).

Changes made

  • Updated github.com/gorilla/csrf from v1.7.2 to v1.7.3 in src/go.mod
  • Ran go mod tidy to update src/go.sum

Partial output from security scanner Trivy:

[Image: Trivy scan output, alt text "cve harbor gorilla"]

Signed-off-by: ivonaest <ivona.cvije@est.tech>
@ivonaest ivonaest requested a review from a team as a code owner February 19, 2026 14:54