summaryrefslogtreecommitdiffstats
path: root/meta-webserver
Commit message (Collapse)AuthorAgeFilesLines
* nginx: upgrade 1.30.1 -> 1.30.2Ankur Tyagi2026-05-221-1/+1
| | | | | | | | | | | | Changes with nginx 1.30.2 *) Security: a heap memory buffer overflow might occur in a worker process when using a configuration with overlapping captures in ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-9256). Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nginx: upgrade 1.30.0 -> 1.30.1Ankur Tyagi2026-05-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes with nginx 1.30.1 *) Security: when using the "proxy_set_body" directive, an attacker might inject data in the proxied request to an HTTP/2 backend (CVE-2026-42926). *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_rewrite_module, potentially resulting in arbitrary code execution (CVE-2026-42945). *) Security: a heap memory buffer overread might occur in a worker process while handling a specially crafted response by ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an attacker to cause a disclosure of worker process memory or segmentation fault in a worker process (CVE-2026-42946). *) Security: a heap memory buffer overread might occur in a worker process while handling a specially sent response with decoding from UTF-8 via the "charset_map" directive, allowing an attacker to cause a limited disclosure of worker proccess memory or segmentation fault in a worker process (CVE-2026-42934). *) Security: when using HTTP/3, processing of connection migration might cause new QUIC streams to receive a new client address before validation, allowing an attacker to cause address spoofing (CVE-2026-40460). *) Security: use-after-free might occur during DNS server response processing if the "ssl_ocsp" directive was used, allowing an attacker to cause worker process memory corruption or segmentation fault in a worker process (CVE-2026-40701). *) Bugfix: connections with HTTP/2 backends might not be cached when using the "proxy_set_body" or "proxy_pass_request_body" directives. *) Bugfix: proxied HTTP/0.9, SCGI, or uWSGI responses might be transferred incorrectly if the first line was not fully read. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* swagger-ui: upgrade 5.32.5 -> 5.32.6Wang Mingyu2026-05-211-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* webmin: upgrade 2.630 -> 2.641Jason Schonberg2026-05-131-1/+1
| | | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.641 Changelog: https://github.com/webmin/webmin/releases/tag/2.640 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* hiawatha: upgrade 12.1 -> 12.2Wang Mingyu2026-05-131-1/+1
| | | | | | | | | | | | Changelog: ============ * Let's Encrypt script processes variables in Hiawatha configuration. * Reintroduced ssi-cgi, as requested. * Small improvements and bugfixes. * Bugfix: CAcertificates setting didn't work. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* apache2: upgrade 2.4.66 -> 2.4.67Liyin Zhang2026-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | Security fixes: - CVE-2026-34059 - CVE-2026-34032 - CVE-2026-33857 - CVE-2026-33523 - CVE-2026-33007 - CVE-2026-33006 - CVE-2026-29169 - CVE-2026-29168 - CVE-2026-28780 - CVE-2026-24072 - CVE-2026-23918 See: https://archive.apache.org/dist/httpd/CHANGES_2.4.67 Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nginx: upgrade 1.29.7 -> 1.30.0Ankur Tyagi2026-05-133-17/+6
| | | | | | | | | | 1.30.0 stable version has been released, incorporating new features and bug fixes from the 1.29.x mainline branch (https://nginx.org/en/CHANGES-1.30) Also dropped v1.28 support. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* swagger-ui: upgrade 5.32.2 -> 5.32.5Wang Mingyu2026-05-121-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* monkey: patch CVEsGyorgy Sarvari2026-04-204-1/+324
| | | | | | | | | | | | | | | | | | | | | | | | These patches are about a number of CVEs files against the application: CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655, CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658. These patches are taken from a pull request[1] that is referenced in the relevant bug report[2]. The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether. Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each other and/or not exploitable. The valid CVEs are fixed by these patches. I haven't added specific CVE info to the patches, one hand because of the above, it is hard to separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch, untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear from the CVE report due to this. [1]: https://github.com/monkey/monkey/pull/434 [2]: https://github.com/monkey/monkey/issues/426 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* monkey: upgrade 1.8.4 -> 1.8.7Gyorgy Sarvari2026-04-201-2/+6
| | | | | | | | Shortlog: https://github.com/monkey/monkey/compare/v1.8.4...v1.8.7 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* hiawatha: Upgrade to 12.1 releaseKhem Raj2026-04-161-1/+1
| | | | | | | | | | | | - HTTP/2 support added via the nghttp2 library (credits to Heiko Zimmermann) — noted as experimental, so testing carefully before enabling on production servers is recommended. - mbed TLS updated from 4.0.0 to 4.1.0. - ssi-cgi removed — the release notes suggest using Hiawatha's XSLT support as a more advanced alternative. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* sthttpd: disable C23 support to fix configure checkKhem Raj2026-04-161-0/+2
| | | | | | | | Set ac_cv_prog_cc_c23=no to prevent autoconf from detecting C23 compiler support, avoiding potential build failures as the package is not yet fully ported to support C23 standard. Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* swagger-ui: upgrade 5.32.1 -> 5.32.2Wang Mingyu2026-04-101-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* webmin: upgrade 2.621 -> 2.630Jason Schonberg2026-04-061-1/+1
| | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.630 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nginx: upgrade 1.29.6 -> 1.29.7Gyorgy Sarvari2026-03-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: *) Security: a buffer overflow might occur while handling a COPY or MOVE request in a location with "alias", allowing an attacker to modify the source or destination path outside of the document root (CVE-2026-27654). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module on 32-bit platforms might cause a worker process crash, or might have potential other impact (CVE-2026-27784). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, or might have potential other impact (CVE-2026-32647). *) Security: a segmentation fault might occur in a worker process if the CRAM-MD5 or APOP authentication methods were used and authentication retry was enabled (CVE-2026-27651). *) Security: an attacker might use PTR DNS records to inject data in auth_http requests, as well as in the XCLIENT command in the backend SMTP connection (CVE-2026-28753). *) Security: SSL handshake might succeed despite OCSP rejecting a client certificate in the stream module (CVE-2026-28755). *) Feature: the "multipath" parameter of the "listen" directive. *) Feature: the "local" parameter of the "keepalive" directive in the "upstream" block. *) Change: now the "keepalive" directive in the "upstream" block is enabled by default. *) Change: now ngx_http_proxy_module supports keepalive by default; the default value for "proxy_http_version" is "1.1"; the "Connection" proxy header is not sent by default anymore. *) Bugfix: an invalid HTTP/2 request might be sent after switching to the next upstream if buffered body was used in the ngx_http_grpc_module. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* nginx: upgrade 1.28.2 -> 1.28.3Gyorgy Sarvari2026-03-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: *) Security: a buffer overflow might occur while handling a COPY or MOVE request in a location with "alias", allowing an attacker to modify the source or destination path outside of the document root (CVE-2026-27654). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module on 32-bit platforms might cause a worker process crash, or might have potential other impact (CVE-2026-27784). *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, or might have potential other impact (CVE-2026-32647). *) Security: a segmentation fault might occur in a worker process if the CRAM-MD5 or APOP authentication methods were used and authentication retry was enabled (CVE-2026-27651). *) Security: an attacker might use PTR DNS records to inject data in auth_http requests, as well as in the XCLIENT command in the backend SMTP connection (CVE-2026-28753). *) Security: SSL handshake might succeed despite OCSP rejecting a client certificate in the stream module (CVE-2026-28755). *) Change: now nginx limits the size and rate of QUIC stateless reset packets. *) Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. *) Bugfix: in the ngx_http_mp4_module. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* swagger-ui: upgrade 5.32.0 -> 5.32.1Wang Mingyu2026-03-271-1/+1
| | | | | | | | | | Bugfixes: ========= - invalidate models components cache based on location - style: use container queries for responsive design Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* hiawatha: Fix checksum mismatch againKhem Raj2026-03-241-1/+1
| | | | Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* hiawatha: Fix checksum mismatchAlper Ak2026-03-211-1/+1
| | | | | | | Update the sha256sum to match the current upstream archive. Signed-off-by: Alper Ak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
* sthttpd: remove obsolete CVE_STATUSGyorgy Sarvari2026-03-201-2/+0
| | | | | | | The CVE is now tracked with the correct version info by NVD. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* layers: update for wrynose release seriesKhem Raj2026-03-181-1/+1
| | | | | | Drop walnascar from supported release series Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spawn-fcgi: upgrade 1.6.5 -> 1.6.6Ankur Tyagi2026-03-181-3/+3
| | | | | | | | | Changelog: * Use meson instead of autotools and cmake * Simplify/reduce configure checks and #ifdefs Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.29.5 -> 1.29.6Ankur Tyagi2026-03-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | Changelog: * Feature: session affinity support; the "sticky" directive in the "upstream" block of the "http" module; the "server" directive supports the "route" and "drain" parameters. * Change: now nginx limits the size and rate of QUIC stateless reset packets. * Bugfix: receiving a QUIC packet by a wrong worker process could cause the connection to terminate. * Bugfix: "[crit] cache file ... contains invalid header" messages might appear in logs when sending a cached HTTP/2 response. * Bugfix: proxying to scgi backends might not work when using chunked transfer encoding and the "scgi_request_buffering" directive. * Bugfix: in the ngx_http_mp4_module. * Bugfix: nginx treated a comma as separator in the "Cookie" request header line when evaluating "$cookie_..." variables. * Bugfix: in IMAP command literal argument parsing. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: upgrade 2.520 -> 2.621Ankur Tyagi2026-03-181-1/+1
| | | | | | | | | | https://github.com/webmin/webmin/releases/tag/2.600 https://github.com/webmin/webmin/releases/tag/2.610 https://github.com/webmin/webmin/releases/tag/2.620 https://github.com/webmin/webmin/releases/tag/2.621 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 11.8 -> 12.0Gyorgy Sarvari2026-03-171-2/+2
| | | | | | | | | | | | | Changelog: * mbed TLS updated to 4.0.0. * Replaced strcpy() with strlcpy() and sprintf() with snprintf(). * Added OS sandbox. * Removed DHsize option. * Known bug: mbed TLS v4.0.0 doesn't compile in Cygwin, so building a Windows package is not possible. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: upgrade 5.31.2 -> 5.32.0Wang Mingyu2026-03-171-1/+1
| | | | | | | | Changelog: oas32: add basic OpenAPI 3.2.0 support Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.5.0 -> 3.5.1Liu Yiding2026-03-021-1/+2
| | | | | | | | Changelog: https://github.com/xdebug/xdebug/releases/tag/3.5.1 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: upgrade 5.30.3 -> 5.31.2Wang Mingyu2026-03-021-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: upgrade 2.501 -> 2.520Jason Schonberg2026-02-241-1/+1
| | | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.520 Changelog: https://github.com/webmin/webmin/releases/tag/2.510 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.29.1 -> 1.29.5Gyorgy Sarvari2026-02-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | License-Update: copyright year bump. Changelog: 1.29.5: - Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642). - Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend. - Bugfix: an invalid HTTP/2 request might be sent after switching to the next upstream. - Bugfix: a response with multiple ranges might be larger than the source response. - Bugfix: fixed setting HTTP_HOST when proxying to FastCGI, SCGI, and uwsgi backends. - Bugfix: fixed warning when compiling with MSVC 2022 x86. - Change: the logging level of the "ech_required" SSL error has been lowered from "crit" to "info". 1.29.4: - Feature: the ngx_http_proxy_module supports HTTP/2. - Feature: Encrypted ClientHello TLS extension support when using OpenSSL ECH feature branch; the "ssl_ech_file" directive. Thanks to Stephen Farrell. - Change: validation of host and port in the request line, "Host" header field, and ":authority" pseudo-header field has been changed to follow RFC 3986. - Change: now a single LF used as a line terminator in a chunked request or response body is considered an error. - Bugfix: when using HTTP/3 with OpenSSL 3.5.1 or newer a segmentation fault might occur in a worker process; the bug had appeared in 1.29.1. Thanks to Jan Svojanovsky. - Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. 1.29.3: - Feature: the "add_header_inherit" and "add_trailer_inherit" directives. - Feature: the $request_port and $is_request_port variables. - Feature: the $ssl_sigalg and $ssl_client_sigalg variables. - Feature: the "volatile" parameter of the "geo" directive. - Feature: now certificate compression is available with BoringSSL. - Bugfix: now certificate compression is disabled with OCSP stapling. 1.29.2 - Feature: now nginx can be built with AWS-LC. Thanks Samuel Chiang. - Bugfix: now the "ssl_protocols" directive works in a virtual server different from the default server when using OpenSSL 1.1.1 or newer. - Bugfix: SSL handshake always failed when using TLSv1.3 with OpenSSL and client certificates and resuming a session with a different SNI value; the bug had appeared in 1.27.4. - Bugfix: the "ignoring stale global SSL error" alerts might appear in logs when using QUIC and the "ssl_reject_handshake" directive; the bug had appeared in 1.29.0. Thanks to Vladimir Homutov. - Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. - Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. - Bugfix: in SSL certificate caching during reconfiguration. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.28.1 -> 1.28.2Gyorgy Sarvari2026-02-161-1/+1
| | | | | | | | | | | | Changelog: - Security: an attacker might inject plain text data in the response from an SSL backend (CVE-2026-1642). - Bugfix: use-after-free might occur after switching to the next gRPC or HTTP/2 backend. - Bugfix: fixed warning when compiling with MSVC 2022 x86. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* hiawatha: upgrade 11.7 -> 11.8Gyorgy Sarvari2026-02-044-122/+1
| | | | | | | | | | | Drop patches that are included in this release. Changes: * mbed TLS updated to 3.6.4. * Small bugfixes. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: ignore CVE-2025-53859 for 1.28.1Peter Marko2026-01-121-0/+2
| | | | | | | | | Fix is included via commit [1]. [1] https://github.com/nginx/nginx/commit/fbbbf189dadf3bd59c2462af68c16f2c2874d4ee Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: set CVE_PRODUCTGyorgy Sarvari2026-01-041-0/+2
| | | | | | | | | nginx has a long history, and has used multiple CPEs over time. Set CVE_PRODUCT to reflect current and historic vendor:product pairs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.28.0 -> 1.28.1Jason Schonberg2026-01-043-138/+5
| | | | | | | | | | | | | Drop CVE patch which has been integrated into this new version. Solves: * CVE-2025-53859 CHANGES: https://nginx.org/en/CHANGES-1.28 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: upgrade 349 -> 352Jason Schonberg2025-12-111-1/+1
| | | | | | | | | | | | | | | | 352 Shown a warning if the last shutdown/reboot was unclean Bug fixes and translation updates 351 Firewall ports can be deleted individually 350 networking: fix renaming of bridges and other groups (RHEL-117883) bridge: fix OpenSSH_10.2p1 host key detection Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* apache2: upgrade 2.4.65 -> 2.4.66Valeria Petrov2025-12-051-1/+1
| | | | | | | | | | | | | | Security fixes: - CVE-2025-66200 - CVE-2025-65082 - CVE-2025-59775 - CVE-2025-58098 - CVE-2025-55753 See: http://www.apache.org/dist/httpd/CHANGES_2.4.66 Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.4.7 -> 3.5.0Liu Yiding2025-12-051-1/+1
| | | | | | | | Change log: https://xdebug.org/updates#x_3_5_0 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: upgrade 2.402 -> 2.501Jason Schonberg2025-12-021-1/+1
| | | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.501 Changelog: https://github.com/webmin/webmin/releases/tag/2.500 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: upgrade 5.30.2 -> 5.30.3Wang Mingyu2025-12-021-1/+1
| | | | | | | | | | | Changelog: ========== - deps: update vulnerable @release-it/conventional-changelog to 10.0.2 - deps: update vulnerable dependencies (js-yaml & glob) - utils: handle sanitizing multi-level relative paths Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* fcgi: upgrade 2.4.6 -> 2.4.7Wang Mingyu2025-12-021-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: switch to libpcre2Hongxu Jia2025-12-011-1/+1
| | | | | | | | | NGINX 1.22 and later supports PCRE2 [1] [1] https://github.com/nginx/nginx/commit/c6fec0b027569a4e0b1d8aaee7dea0f2e4d6052b Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* cockpit: set correct CVE_PRODUCTGyorgy Sarvari2025-11-241-0/+2
| | | | | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.4.6 -> 3.4.7Jason Schonberg2025-11-231-1/+1
| | | | | | | | | | [2025-10-26] — Xdebug 3.4.7 Fixed bug #2359: PHP 8.4 Lazy Ghost Object inoperable/defunct when Xdebug is enabled Fixed bug #2371: Step debugging initialize lazy objects Fixed bug #2375: Xdebug's exception trace conversion initialises lazy objects Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: upgrade 5.30.0 -> 5.30.2Wang Mingyu2025-11-111-1/+1
| | | | | | | | | | Changelog: ============ - prevent webook from crashing in case of openapi 3.0 - deps: bump react-syntax-highlighter to 16.0.0 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: update UPSTREAM_CHECK_URIYi Zhao2025-11-071-1/+2
| | | | | | | | | | | | | | | | | | Update UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to check the correct latest stable verison. Before the patch: $ devtool latest-version xdebug INFO: Current version: 3.4.6 INFO: Latest version: After the patch: $ devtool latest-version xdebug INFO: Current version: 3.4.6 INFO: Latest version: 3.4.7 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* swagger-ui: upgrade 5.29.5 -> 5.30.0Wang Mingyu2025-11-061-1/+1
| | | | | Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* webmin: upgrade 2.303 -> 2.402Jason Schonberg2025-10-301-1/+1
| | | | | | | | | Changelog: https://github.com/webmin/webmin/releases/tag/2.402 Changelog: https://github.com/webmin/webmin/releases/tag/2.401 Changelog: https://github.com/webmin/webmin/releases/tag/2.400 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* phpmyadmin: upgrade 5.2.2 -> 5.2.3Jason Schonberg2025-10-251-2/+2
| | | | | | | | | | License-Update: Copyright year updated to 2025 Release note: https://www.phpmyadmin.net/news/2025/10/8/phpmyadmin-523-is-released/ Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* xdebug: upgrade 3.4.5 -> 3.4.6Jason Schonberg2025-10-251-1/+1
| | | | | | | | | | [2025-10-06] — Xdebug 3.4.6 Fixed bugs Fixed bug #2328: Stream resource references in stored stack traces don't hold, and can cause crashes Fixed bug #2360: Debugging DateInterval (and other internal objects) causes a crash Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>