File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -23,46 +23,11 @@ Released on TBD
2323
2424### Security
2525
26- #### JWT empty-key HMAC bypass
27-
28- Updated ` jwt ` from 3.1.2 to 3.2.0 in ` oc-id ` and ` chef-server-ctl ` to resolve an authentication
29- bypass vulnerability affecting versions prior to 3.2.0.
30-
31- - CVE-2026 -45363
32-
33- #### Addressable URI Template ReDoS
34-
35- Updated ` addressable ` from 2.8.7 to 2.9.0 in ` oc-id ` and ` chef-server-ctl ` to fully remediate a
36- regular expression denial of service (ReDoS) vulnerability in URI template matching.
37-
38- - CVE-2026 -35611
39-
40- #### Erlang Security Updates
41-
42- Updated Erlang/OTP from 26.2.2 to 26.2.5, which resolves the following CVEs:
43-
44- - CVE-2025 -32433
45- - CVE-2025 -30211
46- - CVE-2025 -26618
47- - CVE-2025 -48041
48- - CVE-2025 -48038
49- - CVE-2025 -48039
50- - CVE-2025 -48040
51- - CVE-2025 -4748
52- - CVE-2024 -53846
53- - CVE-2025 -46712
54-
55- #### Rack security update
56-
57- Updated Rack from 3.2.4 to 3.2.6 to resolve the following CVEs:
58-
59- - CVE-2025 -9230
60- - CVE-2025 -9231
61- - CVE-2025 -9232
62-
63- #### Reduced information disclosure at ` /version ` endpoint
64-
65- The ` /version ` API endpoint no longer exposes internal library names and version details.
26+ - Updated ` jwt ` from 3.1.2 to 3.2.0 in ` oc-id ` and ` chef-server-ctl ` .
27+ - Updated ` addressable ` from 2.8.7 to 2.9.0 in ` oc-id ` and ` chef-server-ctl ` .
28+ - Updated Erlang/OTP from 26.2.2 to 26.2.5.
29+ - Updated Rack from 3.2.4 to 3.2.6.
30+ - The ` /version ` API endpoint no longer exposes internal library names and version details.
6631
6732### Bug Fixes
6833
You can’t perform that action at this time.
0 commit comments