From d474464a280b8b196eaf58fe3d41814989cacca4 Mon Sep 17 00:00:00 2001
From: streamnativebot <streamnativebot@streamnative.io>
Date: Tue, 10 Feb 2026 08:26:45 +0000
Subject: [PATCH 1/2] "Created by snbot"

---
 scripts/run-integration-tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/run-integration-tests.sh b/scripts/run-integration-tests.sh
index 1ce71ba2..64808bdd 100755
--- a/scripts/run-integration-tests.sh
+++ b/scripts/run-integration-tests.sh
@@ -3,7 +3,7 @@ set -e
 
 readonly PROJECT_ROOT=`cd $(dirname $0)/..; pwd`
 readonly IMAGE_NAME=pulsarctl-test
-readonly PULSAR_DEFAULT_VERSION="4.1.0.10"
+readonly PULSAR_DEFAULT_VERSION="4.0.8.8"
 readonly PULSAR_VERSION=${PULSAR_VERSION:-${PULSAR_DEFAULT_VERSION}}
 
 docker build --build-arg PULSAR_VERSION=${PULSAR_VERSION} \

From f63cbecf966c6f4a3aa21e69ffa1918fd05fced7 Mon Sep 17 00:00:00 2001
From: Cong Zhao <zhaocong@apache.org>
Date: Tue, 10 Feb 2026 17:02:30 +0800
Subject: [PATCH 2/2] fix: upgrade Go to 1.25.7 to fix CVE-2025-68121 (#2002)

Upgrade Go version from 1.25.6 to 1.25.7 to address the HIGH severity
vulnerability CVE-2025-68121 in crypto/tls session resumption.

Fixed versions: 1.24.13, 1.25.7, 1.26.0-rc.3

(cherry picked from commit ae25e7da0fabb9069412b1d3add2a87e7430e0c9)
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 0707e6eb..89535aef 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/streamnative/pulsarctl
 
-go 1.25.6
+go 1.25.7
 
 require (
 	github.com/apache/pulsar-client-go v0.18.0-candidate-1.0.20251222030102-3bb7d4eff361