CVE-2025-59530: Vulnerability in dependency quic-go v0.51.0

[jcheng-duo]

Issue Details

CVE-2025-59530 describes a denial of service attack that is exploitable on dependency quic-go. The CVE report states that this affects "versions prior to 0.49.0, 0.54.1, and 0.55.0". The fix for this was merged into quic-go on October 3rd, 2025, while quic-go v0.51.0 was published on March 21, 2025

To resolve this, quic-go should be updated to v0.55.0

Assistance Disclosure

AI not used

If AI was used, describe the extent to which it was used.

No response

[mohammed90]

Already upgraded, just unreleased a new version yet.

[jcheng-duo]

Any idea when the next release will be?
Thanks @mohammed90 and apologies for the duplicate ticket.

[mohammed90]

We don't have fixed schedule. Hopefully a release will go out in the coming month, especially that we're awaiting the #7356.