Caddy is an extensible server platform that uses TLS by default.
Update Information:
Update to version 2.10.0. Aside from the new upstream features, this update also refreshes many bundled dependencies, fixing a few CVEs. https://github.com/caddyserver/caddy/releases/tag/v2.10.0
* Sat Apr 19 2025 Carl George
[ 1 ] Bug #2350493 - caddy-2.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350493
[ 2 ] Bug #2360622 - CVE-2025-22872 caddy: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2360622
[ 3 ] Bug #2361093 - CVE-2024-45339 caddy: Vulnerability when creating log files in github.com/golang/glog [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361093
[ 4 ] Bug #2361094 - CVE-2025-22869 caddy: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2361094
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4518c12e2f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.