Need upgraded version of go

[sivani01]

Hi,

we are currently using operator-sdk v1.39.0 as the base image to build our operator. During our Security scan as per the CVE (CVE-2025-22871) a vulnerability was reported asking to upgrade to go v1.24.2.

Can we know when a new version of operator-sdk will be released with the required version of go?

[shriacquia]

+1 on the request. helm-operator is impacted due to CVE-2025-22871

[sivani01]

Hi @acornett21 , any update on this?

[acornett21]

Hi @sivani01 sorry for the delay, I only work on this during my free time. I ran a check govulncheck on this repo and this does not show up, only the helm CVEs.

The Helm CVEs will be addressed in

• updating dependencies to latest allowable version(s) #6951

When a downstream builder image becomes available for go 1.24.3, I'll try to make an update/release.

[acornett21]

• Related: Need go v1.24.2 ansible-operator-plugins#143

[sivani01]

Hi, any update on this? Is the downstream builder image available for go 1.24 now?