Skip to content

Shield

v9.0.1 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 1mo Backup & Recovery
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

backup-solution bosh cloud cloudfoundry mysql postgresql

Summary

AI summary

Minor fixes and improvements.

Full changelog

Improvements

  • Updated Go toolchain to 1.25 and aligned the Dockerfile base.
  • Migrated google/go-github from a 2015 pseudo-version to v76 (fixes a latent ListUserTeams API-drift bug acknowledged in-code).
  • Bumped go-sql-driver/mysql, mattn/go-sqlite3, hashicorp/consul/api, golang.org/x/{crypto,net,oauth2}, fsouza/go-dockerclient, prometheus/client_golang.
  • Updated webdav and demo nginx images to bookworm bases (bullseye EOL 2026-06).
  • Refreshed vendored UI libs: jQuery 3.2.1 → 3.7.1 (covers CVE-2020-11022 / CVE-2020-11023), showdown 1.9.0 → 2.1.0, FontAwesome 5.3.1 → 6.7.2 free.
  • Carries the two prior v9.0.1-rc.1 fixes: S3 plugin IMDSv2 support and S3 REST API change handling.

Security Fixes

  • jQuery updated to 3.7.1 covering CVE-2020-11022 and CVE-2020-11023
  • CVE-2020-11023
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Shield

Get notified when new releases ship.

Sign up free

About Shield

A pluggable architecture for backup and restore of database systems. `MIT` `Go`

All releases →

Related context

Beta — feedback welcome: [email protected]