Skip to content

Eliminate vulnerable golang-jwt/jwt dependency #10109

New issue
New issue
Closed
#10110
Closed
Eliminate vulnerable golang-jwt/jwt dependency#10109
#10110
Assignees
JmPotato
Labels
affects-8.5This bug affects the 8.5.x(LTS) versions.severity/majortype/bugThe issue is confirmed as a bug.
@JmPotato

Description

@JmPotato
JmPotato
opened on Dec 23, 2025

Bug Report

What did you do?

Security audit identified a high-severity vulnerability CVE-2025-30204 in the current project dependency github.com/golang-jwt/jwt.

What did you expect to see?

Update the github.com/golang-jwt/jwt dependency to version 4.5.2 or later.

What did you see instead?

github.com/golang-jwt/jwt v3.2.2+incompatible is in use.

What version of PD are you using (pd-server -V)?

9fe5653

Metadata

Metadata

Assignees

Labels

affects-8.5This bug affects the 8.5.x(LTS) versions.severity/majortype/bugThe issue is confirmed as a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions