Security vulnerability uncovered and patched in the golang.org/x/crypto /ssh package
Platform.sh teams are always striving to ensure a safe space for all developers within our product. And this consistent diligence led to the Platform.sh Engineering team discovering a security vulnerability in the golang.org/x/crypto/ssh package on 5 September 2024. Upon investigating an unexpected Panic: runtime error: invalid memory address or nil pointer dereference message in our edge proxy, the engineers discovered a misimplementation of the PublicKeyCallback function.