
This update for cosign fixes the following issues:

- CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file (bsc#1227031)
- CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to potentially dangerous situations (bsc#1232985)
- CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's Parsing (bsc#1237682)
- CVE-2025-22870: cosign: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238693)
- CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239204)
- CVE-2025-22869: cosign: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239337)

Other fixes:

- Update to version 2.5.0 (jsc#SLE-23476):
  - Update sigstore-go to pick up bug fixes (#4150)
  - Update golangci-lint to v2, update golangci-lint-action (#4143)
  - Feat/non filename completions (#4115)
  - update builder to use go1.24.1 (#4116)
  - Add support for new bundle specification for attesting/verifying OCI image attestations (#3889)
  - Remove cert log line (#4113)
  - cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111)
  - bump to latest scaffolding release for testing (#4099)
  - increase 2e2_test docker compose timeout to 180s (#4091)
  - Fix replace with compliant image mediatype (#4077)
  - Add TSA certificate related flags and fields for cosign attest (#4079)
- Update to version 2.4.3…