etcd-io/etcd

Bump `go.opentelemetry.io/otel` to 1.41.0

Open

#21,917 opened on Jun 5, 2026

View on GitHub
 (1 comment) (1 reaction) (1 assignee)Go (51,701 stars) (10,352 forks)batch import
area/securityhelp wantedrelease/v3.5release/v3.6

Description

What would you like to be added?

The go.opentelemetry.io/otel has the CVE-2026-29181 high severity vulnerability reported. We have version 1.40.0 in both 3.5 and 3.6.

We should also bump go.opentelemetry.io/otel/sdk to 1.43.0, due to CVE-2026-39883.

We need to update the dependency, and add a CHANGELOG entry.

Why is this needed?

To address CVE-2026-29181 and CVE-2026-39883.

Contributor guide

Tech stack
go
Domain
backend
Issue type
chore
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
active
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
GoGit
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
75
Research direction
Update go.mod and go.sum for the specified OpenTelemetry packages, run tests, and add a CHANGELOG entry.