The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

The net/http package improperly accepts a bare LF as a line terminator ...

Security update for go1.24

Security update for go1.23

Moderate: weldr-client security update

Moderate: git-lfs security update

Moderate: grafana-pcp security update

Moderate: grafana security update

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

ELSA-2025-9845: weldr-client security update (MODERATE)

ELSA-2025-9844: osbuild-composer security update (MODERATE)

ELSA-2025-9635: weldr-client security update (MODERATE)

ELSA-2025-9634: osbuild-composer security update (MODERATE)

ELSA-2025-9623: osbuild-composer security update (MODERATE)

ELSA-2025-9317: delve security update (MODERATE)

ELSA-2025-9156: golang-github-openprinting-ipp-usb security update (MODERATE)

ELSA-2025-9151: gvisor-tap-vsock security update (MODERATE)