Fedora Security Advisories

cpp-httplib-0.38.0-1.fc43

Fedora Security Advisories
2 days 10 hours ago
FEDORA-2026-e76feaf213 Packages in this update:
  • cpp-httplib-0.38.0-1.fc43
Update description: Update to 0.38.0 (rhbz#2447261)
  • Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)

  • Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

  • Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

  • Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
  • SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)

  • WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

  • Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

  • Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)

  • Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

  • Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

  • Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

  • Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

  • Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

cpp-httplib-0.38.0-1.fc44

Fedora Security Advisories
2 days 11 hours ago
FEDORA-2026-03599f0b32 Packages in this update:
  • cpp-httplib-0.38.0-1.fc44
Update description: Update to 0.38.0 (rhbz#2447261)
  • Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)

  • Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

  • Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

  • Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
  • SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)

  • WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

  • Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

  • Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)

  • Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

  • Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

  • Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

  • Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

  • Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

perl-XML-Parser-2.51-1.fc45

Fedora Security Advisories
2 days 13 hours ago
FEDORA-2026-7d5754535f Packages in this update:
  • perl-XML-Parser-2.51-1.fc45
Update description:

Automatic update for perl-XML-Parser-2.51-1.fc45.

Changelog * Mon Mar 23 2026 Jitka Plesnikova <jplesnik@redhat.com> - 2.51-1 - 2.51 bump (rhbz#2448965) - Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278)
Checked
4 minutes 29 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security