This update for caddy fixes the following issues:
- Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
- Update to version 2.8.2:
* cmd: fix auto-detetction of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
* build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
- Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers
(#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
- Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-220=1
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.8.4-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
caddy-bash-completion-2.8.4-bp156.3.3.1
caddy-fish-completion-2.8.4-bp156.3.3.1
caddy-zsh-completion-2.8.4-bp156.3.3.1
https://www.suse.com/security/cve/CVE-2023-45142.html
https://www.suse.com/security/cve/CVE-2024-22189.html
https://bugzilla.suse.com/1222468
Get the latest Linux and open source security news straight to your inbox.