Addressing security vulnerabilities in the Cadence release v1.3.2

Version of Cadence server, and client(which language)
Server version: v1.3.2

Describe the bug
There are CVEs found from the latest Cadence image: ubercadence/server:v1.3.2

To Reproduce
Is the issue reproducible?

    Yes

Steps to reproduce the behavior:

    Pull the latest image ubercadence/server:v1.3.2 from Dockerhub
    Scan the image with any vulnerability scanner
CVE | SEVERITY | CVSS | PACKAGE | VERSION | FIXIN
-- | -- | -- | -- | -- | --
CVE-2025-30204 | high | 8.7 | github.com/golang-jwt/jwt/v5 | v5.2.0 |	5.2.2
PRISMA-2023-0056 | medium | 6.20 | github.com/sirupsen/logrus | v1.9.0 | v1.9.3
CWE-400 | HIGH | 8.7 | github.com/sirupsen/logrus | v1.9.0 | v1.9.1
CVE-2025-22868 | HIGH | 8.7 | golang.org/x/oauth2/jws | v0.11.0 | 0.27.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Addressing security vulnerabilities in the Cadence release v1.3.2 #7088

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE	SEVERITY	CVSS	PACKAGE	VERSION	FIXIN
CVE-2025-30204	high	8.7	github.com/golang-jwt/jwt/v5	v5.2.0	5.2.2
PRISMA-2023-0056	medium	6.20	github.com/sirupsen/logrus	v1.9.0	v1.9.3
CWE-400	HIGH	8.7	github.com/sirupsen/logrus	v1.9.0	v1.9.1
CVE-2025-22868	HIGH	8.7	golang.org/x/oauth2/jws	v0.11.0	0.27.0

Addressing security vulnerabilities in the Cadence release v1.3.2 #7088

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions