docker-compose-5.3.0-1.fc44
- docker-compose-5.3.0-1.fc44
Update to release v5.3.0
Update to release v5.3.0
Update routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.
v0.15.2This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.
We advise all users to upgrade at their earliest convenience.
Security fixesThis issue was assigned CVE-2026-49232.
This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.
This fixes a vulnerability that has been assigned CVE-2026-49234.
This fixes a vulnerability that has been assigned CVE-2026-49235.
ImprovementsThis once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055) * Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. ([#1054]) * Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060) * Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting of no specific value is given, significantly speeding up validation runs.
In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)
NewThis fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
Bug fixesUpdate routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.
v0.15.2This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.
We advise all users to upgrade at their earliest convenience.
Security fixesThis issue was assigned CVE-2026-49232.
This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.
This fixes a vulnerability that has been assigned CVE-2026-49234.
This fixes a vulnerability that has been assigned CVE-2026-49235.
ImprovementsThis once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055) * Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. ([#1054]) * Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060) * Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting of no specific value is given, significantly speeding up validation runs.
In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)
NewThis fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
Bug fixesUpdate routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.
v0.15.2This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.
We advise all users to upgrade at their earliest convenience.
Security fixesThis issue was assigned CVE-2026-49232.
This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.
This fixes a vulnerability that has been assigned CVE-2026-49234.
This fixes a vulnerability that has been assigned CVE-2026-49235.
ImprovementsThis once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055) * Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. ([#1054]) * Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060) * Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting of no specific value is given, significantly speeding up validation runs.
In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)
NewThis fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
Bug fixesUpdate routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.
v0.15.2This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.
We advise all users to upgrade at their earliest convenience.
Security fixesThis issue was assigned CVE-2026-49232.
This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.
This fixes a vulnerability that has been assigned CVE-2026-49234.
This fixes a vulnerability that has been assigned CVE-2026-49235.
ImprovementsThis once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055) * Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. ([#1054]) * Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060) * Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting of no specific value is given, significantly speeding up validation runs.
In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)
NewThis fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
Bug fixesUpdate routinator to the latest, pulling in updated dependencies (rpki and syslog), and switch fern to using syslog 7 instead of 6 for this update, and loosen the syslog version bound for ifcfg-devname.
v0.15.2This release fixes a number of vulnerabilities and security issues identified by a security audit performed by X41 D-Sec and financed by Sovereign Tech Agency.
We advise all users to upgrade at their earliest convenience.
Security fixesThis issue was assigned CVE-2026-49232.
This fixes a path traversal vulnerability that has been assigned CVE-2026-49233.
This fixes a vulnerability that has been assigned CVE-2026-49234.
This fixes a vulnerability that has been assigned CVE-2026-49235.
ImprovementsThis once and for all fixes CVE-2023-39916 which returned again in release 0.14.0. (#1055) * Messages about issues with repositories and publication points are now logged separately and by default are only visible in the status HTTP server endpoints. The new log-repository-issues option can be used to have these messages also written to the log. ([#1054]) * Changed how server mode deals with broken or missing local exception files. Previously, Routinator would just stop updating until they are fixed, leading to updates being stalled if the operator misses the error messages. Now it will log a warning and keep using the previous set of local exceptions. When starting, it will exit with an error message if there are broken or missing local exception files. (#1060) * Changed the RRDP timeouts: introduced a new config variable rrdp-read-timeout that provides a timeout for individual network operations (primarily: read from the server). Its default is 10 seconds. This timeout is also used for connecting of no specific value is given, significantly speeding up validation runs.
In addition, the RRDP timeout was increased from 300 to 600 seconds to better deal with slow transmission of large snapshots of some repositories. (#1061)
NewThis fixes an issue where an accidentally or maliciously manipulated locally stored manifest could block update of a legitimate new manifest which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang, Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC), Tsinghua University.
Bug fixesBackport fix for CVE-2025-54812: HTMLLayout wrote the logger name unescaped into an HTML title="..." attribute. If untrusted data controls the logger name, this allows breaking out of the attribute and injecting HTML/JS into the generated log file, which executes when the file is opened in a browser.
Backports the escaping fix from upstream (fixed in 1.5.0) onto this package's 0.10.0 base.
1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705
1.032 bump- Fix CVE-2026-13708 and CVE-2026-13705
Update to log4cxx 1.7.0.
Fixes CVE-2026-40023: XMLLayout did not escape characters forbidden by the XML 1.0 specification, which could cause conforming XML parsers to reject the produced document, silently dropping log records.
No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
Update to log4cxx 1.7.0.
Fixes CVE-2026-40023: XMLLayout did not escape characters forbidden by the XML 1.0 specification, which could cause conforming XML parsers to reject the produced document, silently dropping log records.
No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
Update to log4cxx 1.7.0.
Fixes CVE-2026-40023: XMLLayout did not escape characters forbidden by the XML 1.0 specification, which could cause conforming XML parsers to reject the produced document, silently dropping log records.
No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773,
fedora#2496772)
fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773,
fedora#2496772)
Automatic update for hplip-3.26.4-7.fc45.
Changelog * Fri Jul 3 2026 Zdenek Dohnal <zdohnal@redhat.com> - 3.26.4-7 - fix CVE-2026-14544 - incomplete fix after CVE-2026-8631 (fedora#2496773, fedora#2496772)Update to log4cxx 1.7.0.
New features: fallback-ref appender attribute, Qt CMake find_package component, TelnetAppender NonBlocking option.
Bug fixes: non-ASCII JSON encoding, invalid XML 1.0 characters in XML output, crash on recursive XML config references, possible UB during configuration changes, message loss during recursive logging, ODBCAppender prepared-statement buffer lifetimes.
No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432
chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432
chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432
chromium-150.0.7871.46 security release includes 433 security fixes, CVE-2026-13774 - CVE-2026-14432