Aggregator

FEDORA-EPEL-2026-58d7d41403 Packages in this update:

• java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el8

Update description:

January 2026 annual updates

FEDORA-EPEL-2026-5e00b7a772 Packages in this update:

• java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el10_2
• java-latest-openjdk-portable-26.0.0.0.32-0.1.ea.rolling.el8

Update description:

January 2026 annual updates

FEDORA-EPEL-2026-a6d429d59c Packages in this update:

• java-latest-openjdk-26.0.0.0.32-0.0.1.ea.el9

Update description:

January 2026 annual updates

FEDORA-2026-5c70cd99f4 Packages in this update:

• java-21-openjdk-21.0.10.0.7-2.fc43
• java-25-openjdk-25.0.2.0.10-2.fc43
• java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc43

Update description:

January 2026 annual updates

January 2026 security update

FEDORA-2026-1ad57632f2 Packages in this update:

• java-21-openjdk-21.0.10.0.7-2.fc42
• java-25-openjdk-25.0.2.0.10-2.fc42
• java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42

Update description:

January 2026 annual updates

January 2026 security update

FEDORA-EPEL-2026-5e2a143387 Packages in this update:

• python-python-multipart-0.0.22-1.el10_2

Update description:

Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg.

0.0.22 (2026-01-25)

• Drop directory path from filename in File

FEDORA-EPEL-2026-a6032e771d Packages in this update:

• yarnpkg-1.22.22-16.el10_2

Update description:

Update vendor bundle, fixes CVE-2025-13465.

FEDORA-EPEL-2026-f542ecf2f3 Packages in this update:

• yarnpkg-1.22.22-16.el9

Update description:

Update vendor bundle, fixes CVE-2025-13465.

It was discovered that jaraco.context incorrectly handled certain zip file paths. An attacker could possibly use this issue to extract arbitrary files outside of the intented extraction directory.

FEDORA-2026-2809f801f3 Packages in this update:

• yarnpkg-1.22.22-16.fc42

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-a75abb3f2b Packages in this update:

• yarnpkg-1.22.22-16.fc43

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-3062e10d87 Packages in this update:

• pgadmin4-9.11-3.fc42

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-4e47f4d911 Packages in this update:

• pgadmin4-9.11-3.fc43

Update description:

Regenerate vendor tarball. Fixes CVE-2025-13465.

FEDORA-2026-8c25940d05 Packages in this update:

• phpunit12-12.5.8-1.fc42

Update description: Version 12.5.8 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 12.5.7 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 12.5.6 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 12.5.5 - 2026-01-15 Deprecated

• #6461: any() matcher (soft deprecation)

Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-470a48f838 Packages in this update:

• phpunit12-12.5.8-1.fc43

Update description: Version 12.5.8 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 12.5.7 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 12.5.6 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 12.5.5 - 2026-01-15 Deprecated

• #6461: any() matcher (soft deprecation)

Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-8ccfe50c58 Packages in this update:

• phpunit11-11.5.50-1.fc43

Update description: Version 11.5.50 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 11.5.49 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 11.5.48 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 11.5.47 - 2026-01-15 Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-2026-c3b42a28dd Packages in this update:

• phpunit11-11.5.50-1.fc42

Update description: Version 11.5.50 - 2026-01-27 Changed

• To prevent Poisoned Pipeline Execution (PPE) attacks using prepared .coverage files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs

Version 11.5.49 - 2026-01-24 Fixed

• #6362: Manually instantiated test doubles are broken since PHPUnit 11.2
• #6470: Infinite recursion in Count::getCountOf() for unusal implementations of Iterator or IteratorAggregate

Version 11.5.48 - 2026-01-16 Changed

• Reverted a change that caused a build failure for the PHP project's nightly community job

Version 11.5.47 - 2026-01-15 Fixed

• #6470: Mocking a class with a property hook setter accepting more types than the property results in a fatal error

FEDORA-EPEL-2026-cf486df588 Packages in this update:

• opencc-1.0.5-4.el8

Update description:

Fix CVE-2025-15536