Aggregator

cpp-httplib-0.38.0-1.fc43

2 days 16 hours ago
FEDORA-2026-e76feaf213 Packages in this update:
  • cpp-httplib-0.38.0-1.fc43
Update description: Update to 0.38.0 (rhbz#2447261)
  • Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
  • Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

  • Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

  • Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
  • SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
  • WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

  • Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

  • Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)
  • Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

  • Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

  • Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

  • Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

  • Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

USN-8113-1: LibTIFF vulnerabilities

2 days 17 hours ago
It was discovered that LibTIFF did not properly handle memory when processing certain images. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-61143) It was discovered that LibTIFF did not properly handle memory when processing malformed TIFF directories. An attacker could possibly use this issue to cause LibTIFF to crash, resulting in a denial of service. (CVE-2025-61144)

cpp-httplib-0.38.0-1.fc44

2 days 17 hours ago
FEDORA-2026-03599f0b32 Packages in this update:
  • cpp-httplib-0.38.0-1.fc44
Update description: Update to 0.38.0 (rhbz#2447261)
  • Filename sanitization for path traversal prevention — Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2)
  • Symlink protection in static file server — Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink-based directory traversal (f787f31)

  • Brotli compression support — Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc)

  • Accept-Encoding quality parameter parsing — The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab)
  • SSL proxy connection support — SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7)
  • WebSocket ping interval runtime configuration — WebSocket ping interval can now be configured at runtime instead of only at compile time (257b266)

  • Benchmark test suite — Added benchmark tests and configurations for performance evaluation (ba0d0b8)

  • Unicode path component decoding tests — Added test coverage for Unicode characters in decode_path_component (43a54a3)
  • Documentation updates — Enhanced TLS backend documentation with platform-specific certificate handling details; clarified progress callback usage and user data handling in examples (511e3ef, 2e61fd3)

  • Fix port conflict in test — Fixed port number in OpenStreamMalformedContentLength test to avoid conflicts (4978f26)

  • Removed large data tests for GzipDecompressor and SSLClientServerTest that caused memory issues (5ecba74, 69d468f)

  • Enabled BindDualStack test (69d468f)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0

  • Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2

perl-XML-Parser-2.51-1.fc45

2 days 19 hours ago
FEDORA-2026-7d5754535f Packages in this update:
  • perl-XML-Parser-2.51-1.fc45
Update description:

Automatic update for perl-XML-Parser-2.51-1.fc45.

Changelog * Mon Mar 23 2026 Jitka Plesnikova <jplesnik@redhat.com> - 2.51-1 - 2.51 bump (rhbz#2448965) - Fix CVE-2006-10002 (rhbz#2449269), CVE-2006-10003 (rhbz#2449278)