This update for caddy fixes the following issues:
Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
Update to version 2.8.2:
* cmd: fix auto-detetction of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers
(#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
* reverseproxy: Support HTTP/3 transport to backend (#6312)
*...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-211=1
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.8.4-bp155.2.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
caddy-bash-completion-2.8.4-bp155.2.3.1
caddy-fish-completion-2.8.4-bp155.2.3.1
caddy-zsh-completion-2.8.4-bp155.2.3.1
https://www.suse.com/security/cve/CVE-2023-45142.html
https://www.suse.com/security/cve/CVE-2024-22189.html
https://bugzilla.suse.com/1222468
Get the latest Linux and open source security news straight to your inbox.