Addressing security vulnerabilities in the Cadence release v1.3.3, v1.3.4

Version of Cadence server, and client(which language)
Server version: v1.3.3

Describe the bug
There are CVEs found from the latest Cadence image: ubercadence/server:v1.3.3

To Reproduce
Is the issue reproducible?

    Yes

Steps to reproduce the behavior:

    Pull the latest image ubercadence/server:v1.3.3 from Dockerhub
    Scan the image with any vulnerability scanner
CVE | SEVERITY | CVSS | PACKAGE | VERSION | FIXIN
-- | -- | -- | -- | -- | --
CVE-2025-30204 | high | 8.7 | github.com/golang-jwt/jwt/v5 | v5.2.0 |	5.2.2
CWE-400 | HIGH | 8.7 | github.com/sirupsen/logrus | v1.9.0 | v1.9.1
CVE-2025-22868 | HIGH | 8.7 | golang.org/x/oauth2/jws | v0.11.0 | 0.27.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Addressing security vulnerabilities in the Cadence release v1.3.3, v1.3.4 #7185

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE	SEVERITY	CVSS	PACKAGE	VERSION	FIXIN
CVE-2025-30204	high	8.7	github.com/golang-jwt/jwt/v5	v5.2.0	5.2.2
CWE-400	HIGH	8.7	github.com/sirupsen/logrus	v1.9.0	v1.9.1
CVE-2025-22868	HIGH	8.7	golang.org/x/oauth2/jws	v0.11.0	0.27.0

Addressing security vulnerabilities in the Cadence release v1.3.3, v1.3.4 #7185

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions