Latest relesae v0.3.1 has CVE GO-2026-4337

[yhzs8]

Observed behavior

Latest v0.3.1 (built with go1.25.6) has CVE vulnerability https://pkg.go.dev/vuln/GO-2026-4337, can we release a new version with go1.25.7?

Expected behavior

No CVE vulnerability reported

Server and client version

v0.3.1

Host environment

No response

Steps to reproduce

No response

[ripienaar]

There will be a release in the next few weeks when the next server major release lands.

[yhzs8]

For now we manually built v0.3.1 using go1.25.7