| Release | Version |
|---|---|
| bullseye | 1.6.2-2 |
| bullseye (security) | 1.6.2-2+deb11u1 |
| bookworm | 1.7.1-1 |
| trixie | 1.7.2+ds1-2 |
| forky | 1.7.2+ds1-2 |
| sid | 1.7.2+ds1-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-47909 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Hosts listed in TrustedOrigins implicitly allow requests from the corr ... |
| CVE-2025-24358 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention mid ... |
| DSA / DLA | Description |
|---|---|
| DLA-4151-1 | golang-github-gorilla-csrf - security update |