#patchrelease — Public Fediverse posts

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!

⚠️ Update NOW or disable GitHub Actions immediately!

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/

#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

Critical vulnerability in Google's Gemini CLI tool uncovered, posing risks to developers. Upgrade now! #GeminiCLI #Cybersecurity #PatchRelease https://redoracle.com/News/Uncovering-Gemini-CLI-Vulnerability.html

Critical vulnerability in Google's Gemini CLI tool uncovered, posing risks to developers. Upgrade now! #GeminiCLI #Cybersecurity #PatchRelease https://redoracle.com/News/Uncovering-Gemini-CLI-Vulnerability.html

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease