Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

CentOS 8 libcurl Security Update with Patch 2026-a1b2c34d5e Applied

fedora
Calendar Grey March 31, 2026
Dist Fedora Esm H88
Critical update for Fedora 44 cpp-httplib addresses path traversal threats and ensures robust file handling.
Update to 0.38.0 (rhbz#2447261) Filename sanitization for path traversal prevention \u2014 Added sanitize_filename() to prevent path traversal attacks via malicious filenames in mu...

Summary

A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

Update Information:

Update to 0.38.0 (rhbz#2447261) Filename sanitization for path traversal prevention \u2014 Added sanitize_filename() to prevent path traversal attacks via malicious filenames in multipart uploads (83e98a2) Symlink protection in static file server \u2014 Static file serving now detects and rejects symlinks that point outside the mount directory, preventing symlink- based directory traversal (f787f31) Brotli compression support \u2014 Added Brotli (br) as a supported content encoding alongside gzip and deflate (ec1ffbc) Accept-Encoding quality parameter parsing \u2014 The server now parses q= quality values in the Accept-Encoding header and selects the best encoding accordingly (bb7c7ab) SSL proxy connection support \u2014 SSLClient can now establish connections through HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy handling (f6ed5fc, b1bb2b7) WebSocket ping interval runtime configuration \u2014 WebSocket ping interval can now be configured at runtime instea...

Topics%20covered

Topics Covered

security advisory denial of service fedora update path traversal C++ library

Change Log

* Tue Mar 17 2026 Petr Men\u0161k - 0.38.0-1 - Update to 0.38.0 (rhbz#2447261) * Tue Mar 17 2026 Petr Men\u0161k - 0.37.2-1 - Update to 0.37.2 - Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy (CVE-2026-32627, rhbz#2448105)

References


[ 1 ] Bug #2447261 - cpp-httplib-0.38.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2447261 [ 2 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on HTTPS Redirect via proxy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2448105

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-03599f0b32' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cpp-httplib
Product: Fedora 44
Version: 0.38.0
Release: 1.fc44
URL: https://github.com/yhirose/cpp-httplib
Summary: A C++11 single-file header-only cross platform HTTP/HTTPS library

Topics%20covered

Topics Covered

security advisory denial of service fedora update path traversal C++ library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here