Latest Ansible 13
Changes:
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.Changes:
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects (a different scheme, host, or port) to prevent credential leakage to the redirect target. Same-origin redirects retain credentials. Opt out with allow_credentialed_redirects => 1. CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig Palmquist. - LWP::UserAgent now refuses https to http redirects by default to prevent leaking remaining request headers and bodies over plaintext. Opt in with allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by Stig Palmquist.Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Update to upstream-2.5.4, including fixes for CVE-2026-46358, CVE-2026-46405, and CVE-2026-45808
Patch for CVE-2026-5119
0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010)
This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.
This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer.
Automatic update for cockpit-362-1.fc44.
Changelog for cockpit * Wed May 20 2026 Packit <hello@packit.dev> - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802)Automatic update for cockpit-362-1.fc43.
Changelog for cockpit * Wed May 20 2026 Packit <hello@packit.dev> - 362-1 - Bug fixes and translation updates - Fix arbitrary code execution via specially crafted logs page link (CVE-2026-4802)Swapped sources signature source number with systemd unit to have them close.
Update to 1.25.0 (rhbz#2463781) Feature changes:And bug fixes.
Remove merged patches.
Source: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-0
Swapped sources signature source number with systemd unit to have them close.
bump version + fix two cves
0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling (CVE-2026-7010)