This update for v2ray-core fixes the following issues:
- Update version to 5.47.0
* Add sticky choice option for leastping
* Add support for enrollment links in tlsmirror
* Add Wireguard Outbound (unreleased)
* Add sticky choice option for leastping
* Generalize IP address parsing in TUN stack options
* Fix bugs
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to
improper validation of the HTTP/2 :path pseudo-header (boo#1260329)
- Update version to 5.44.1
* uTLS: bundled library updated to v1.8.2 for Chrome120 imitation
profile identification
* Update golang toolchain to v1.25.6, which fixed an vulnerable
(tls.Config).Clone function
* Fix bugs
- Update version to 5.42.0
* Add TLSMirror bootstrap enrollment and self enrollment feature
* TLSMirror Inverse Role Request Tripper Enrollment Server Support
- CVE-2025-47911: v2ray-core: golang.org/x/net/html: various...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-103=1
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
v2ray-core-5.47.0-bp157.2.6.1
- openSUSE Backports SLE-15-SP7 (noarch):
golang-github-v2fly-v2ray-core-5.47.0-bp157.2.6.1
https://www.suse.com/security/cve/CVE-2025-47911.html
https://www.suse.com/security/cve/CVE-2026-33186.html
https://bugzilla.suse.com/1251404
https://bugzilla.suse.com/1260329
Get the latest Linux and open source security news straight to your inbox.