Explore top 10 tips to secure your open-source projects now. Read More
×
This update for hauler fixes the following issues:
Changes in hauler:
- update to 2.0.1 (bsc#1269433, CVE-2026-48702):
* bump go to 1.26.4 to squash CVE noise
* Full v2 Release notes: https://github.com/hauler-
dev/hauler/releases/tag/v2.0.0
- update to 2.0.0:
* `v2.0.0` is a **major** release. It replaces Hauler's entire
OCI plumbing... the ORAS v1 dependency and the in-house
cosign fork with a native containerd based implementation,
drops the deprecated `v1alpha1` API, and layers on a
meaningful set of new capabilities and reliability fixes on
top of that new foundation.
* **Removed the ORAS v1 dependency** - push/pull is now driven
directly by containerd's docker resolver and `google/go-
containerregistry`, new `pkg/content/registry.go`
(`RegistryTarget`) and `pkg/content/types.go` (`Target`
interface, `IoContentWriter`) replaces what ORAS used to own.
* **Removed the hauler-maintained cosign fork** - `pkg/cosign`
is now a...
Read the Full Advisory- openSUSE Leap 16.0:
hauler-2.0.1-bp160.1.1
* bsc#1267150
* bsc#1269433
References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-48702.html
Get the latest Linux and open source security news straight to your inbox.