Upgrade golang.org/x/crypto from v0.38.0 to v0.48.0 to resolve
CVE-2025-47913 (GO-2025-4116), a denial-of-service vulnerability in
golang.org/x/crypto/ssh/agent where SSH clients receiving
SSH_AGENT_SUCCESS when expecting a typed response will panic and cause
early termination of the client process. The fix was introduced in
v0.43.0.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
## Summary
Update several moving parts of cloudflared build system:
* use goboring 1.24.2 in cfsetup
* update linter and fix lint issues
* update packages namely **quic-go and net**
* install script for macos
* update docker files to use go 1.24.1
* remove usage of cloudflare-go
* pin golang linter
Closes TUN-9016
Also update golang.org/x/net and google.golang.org/grpc to fix vulnerabilities,
although cloudflared is using them in a way that is not exposed to those risks
This adds a new verifier interface that can be attached to ingress.Rule.
This would act as a middleware layer that gets executed at the start of
proxy.ProxyHTTP.
A jwt validator implementation for this verifier is also provided. The
validator downloads the public key from the access teams endpoint and
uses it to verify the JWT sent to cloudflared with the audtag (clientID)
information provided in the config.
limkevin.chao
João Oliveirinha
Luis Neto
João "Pisco" Fernandes
Chung-Ting
Devin Carr
Sudarsan Reddy
Nick Vollmar
Areg Harutyunyan