Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 14 articles for you...
202
security advisorymoderateupdateopenSUSE rclone Moderate 23 Security Issues Fixed 2026-10856-1
An update that solves 23 vulnerabilities can now be installed.. # rclone-1.74.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10856-1 Rating: moderate Cross-References: * CVE-2026-25680 * CVE-2026-25681 * CVE-2026-27136 * CVE-2026-33809 * CVE-2026-39821 * CVE-2026-39824 * CVE-2026-39827 * CVE-2026-39828 * CVE-2026-39829 * CVE-2026-39830 * CVE-2026-39831 * CVE-2026-39832 * CVE-2026-39833 * CVE-2026-39834 * CVE-2026-39835 * CVE-2026-42500 * CVE-2026-42502 * CVE-2026-42506 * CVE-2026-42508 * CVE-2026-44740 * CVE-2026-46595 * CVE-2026-46597 * CVE-2026-46598 CVSS scores: * CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N *CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 23 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * rclone 1.74.2-1.1 * rclone-bash-completion 1.74.2-1.1 * rclone-zsh-completion 1.74.2-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25680.html * https://www.suse.com/security/cve/CVE-2026-25681.html * https://www.suse.com/security/cve/CVE-2026-27136.html * https://www.suse.com/security/cve/CVE-2026-33809.html * https://www.suse.com/security/cve/CVE-2026-39821.html * https://www.suse.com/security/cve/CVE-2026-39824.html * https://www.suse.com/security/cve/CVE-2026-39827.html * https://www.suse.com/security/cve/CVE-2026-39828.html * https://www.suse.com/security/cve/CVE-2026-39829.html * https://www.suse.com/security/cve/CVE-2026-39830.html * https://www.suse.com/security/cve/CVE-2026-39831.html * https://www.suse.com/security/cve/CVE-2026-39832.html * https://www.suse.com/security/cve/CVE-2026-39833.html *https://www.suse.com/security/cve/CVE-2026-39834.html * https://www.suse.com/security/cve/CVE-2026-39835.html * https://www.suse.com/security/cve/CVE-2026-42500.html * https://www.suse.com/security/cve/CVE-2026-42502.html * https://www.suse.com/security/cve/CVE-2026-42506.html * https://www.suse.com/security/cve/CVE-2026-42508.html * https://www.suse.com/security/cve/CVE-2026-44740.html * https://www.suse.com/security/cve/CVE-2026-46595.html * https://www.suse.com/security/cve/CVE-2026-46597.html * https://www.suse.com/security/cve/CVE-2026-46598.html . Update rclone-1.74.2-1.1 on openSUSE fixes 23 security issues. Get details on severity and threats involved.. openSUSE Security Advisory, rclone update, moderate severity security, openSUSE vulnerabilities. . Severity: moderate. LinuxSecurity.com Team
May 25, 2026
•moderate
OpenSUSE
172
security advisorycriticalarbitrary code executionUbuntu 26.04 Rclone Serious Arbitrary Code Execution Flaw USN-8299-1
Several security issues were fixed in Rclone.. ========================================================================== Ubuntu Security Notice USN-8299-1 May 25, 2026 rclone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Rclone. Software Description: - rclone: rsync for commercial cloud storage Details: It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41176) It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-41179) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS rclone 1.60.1+dfsg-4ubuntu3.1 Ubuntu 25.10 rclone 1.60.1+dfsg-4ubuntu2.1 Ubuntu 24.04 LTS rclone 1.60.1+dfsg-3ubuntu0.24.04.5 Ubuntu 22.04 LTS rclone 1.53.3-4ubuntu1.22.04.4 Ubuntu 20.04 LTS rclone 1.50.2-2ubuntu0.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8299-1 CVE-2026-41176, CVE-2026-41179 Package Information: https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu3.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3ubuntu0.24.04.5 https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubuntu1.22.04.4 .Update your Ubuntu systems for Rclone vulnerabilities identified by CVE-2026-41176 and CVE-2026-41179.. Ubuntu Security Notice Rclone Arbitrary Code Execution Remote Control API. . Severity: Critical. LinuxSecurity.com Team
May 25, 2026
•Critical
Ubuntu
203
security advisorysecurity issueupdateMageia rclone Important Security Update MGASA-2026-0147 Available Now
MGASA-2026-0147 - Updated rclone packages fix security vulnerabilities. MGASA-2026-0147 - Updated rclone packages fix security vulnerabilities Publication date: 18 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0147.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-41179, CVE-2026-41176, CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, CVE-2026-27144, CVE-2026-27143, CVE-2026-32288, CVE-2026-32283, CVE-2026-27140, CVE-2026-32280, CVE-2026-32281, CVE-2026-33186, CVE-2026-27137, CVE-2026-27138, CVE-2026-25679, CVE-2026-27142, CVE-2026-1229, CVE-2026-27141, CVE-2025-68121, CVE-2025-61729, CVE-2025-58181, CVE-2025-30204, CVE-2025-22869, CVE-2025-22870, CVE-2024-45337, CVE-2024-45338, CVE-2024-52522, CVE-2023-45288, CVE-2024-35255, CVE-2023-48795 Description: This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it. References: - https://bugs.mageia.org/show_bug.cgi?id=33808 - https://rclone.org/changelog/#v1-73-5-2026-04-19 - https://rclone.org/changelog/#v1-73-4-2026-04-08 - https://rclone.org/changelog/#v1-73-3-2026-03-23 - https://rclone.org/changelog/#v1-73-2-2026-03-06 - https://rclone.org/changelog/#v1-73-1-2026-02-17 - https://rclone.org/changelog/#v1-73-0-2026-01-30 - https://rclone.org/changelog/#v1-72-1-2025-12-10 - https://rclone.org/changelog/#v1-72-0-2025-11-21 - https://rclone.org/changelog/#v1-71-2-2025-10-20 - https://rclone.org/changelog/#v1-71-1-2025-09-24 - https://rclone.org/changelog/#v1-71-0-2025-08-22 - https://rclone.org/changelog/#v1-70-3-2025-07-09 - https://rclone.org/changelog/#v1-70-2-2025-06-27 - https://rclone.org/changelog/#v1-70-1-2025-06-19 - https://rclone.org/changelog/#v1-70-0-2025-06-17 - https://rclone.org/changelog/#v1-69-3-2025-05-21 - https://rclone.org/changelog/#v1-69-2-2025-05-01 - https://rclone.org/changelog/#v1-69-1-2025-02-14 -https://rclone.org/changelog/#v1-69-0-2025-01-12 - https://rclone.org/changelog/#v1-68-2-2024-11-15 - https://rclone.org/changelog/#v1-68-1-2024-09-24 - https://rclone.org/changelog/#v1-68-0-2024-09-08 - https://rclone.org/changelog/#v1-67-0-2024-06-14 - https://rclone.org/changelog/#v1-66-0-2024-03-10 - https://rclone.org/changelog/#v1-65-2-2024-01-24 - https://rclone.org/changelog/#v1-65-1-2024-01-08 - https://rclone.org/changelog/#v1-65-0-2023-11-26 - https://rclone.org/changelog/#v1-64-2-2023-10-19 - https://rclone.org/changelog/#v1-64-1-2023-10-17 - https://rclone.org/changelog/#v1-64-0-2023-09-11 - https://rclone.org/changelog/#v1-63-1-2023-07-17 - https://rclone.org/changelog/#v1-63-0-2023-06-30 - https://rclone.org/changelog/#v1-62-2-2023-03-16 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41176 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33810 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27137 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27138 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1229 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27141 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22870 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45338 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52522 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35255 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 SRPMS: - 9/core/rclone-1.73.5-1.1.mga9 . Updated rclone packages in Mageia fix critical issues. Ensure your system is secure with this update.. Mageia Rclone Security Update Critical Issues. . Severity: Critical. LinuxSecurity.com Team
May 18, 2026
•Critical
Mageia
202
security advisorymoderatesecurity issueopenSUSE Tumbleweed Advisory 2026-10762-1 CVE-2026-33814 rclone Moderate
An update that solves one vulnerability can now be installed.. # rclone-1.74.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10762-1 Rating: moderate Cross-References: * CVE-2026-33814 CVSS scores: * CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the rclone-1.74.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * rclone 1.74.1-1.1 * rclone-bash-completion 1.74.1-1.1 * rclone-zsh-completion 1.74.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33814.html . An update for openSUSE resolves a moderate issue in rclone. Stay secure with the latest patch.. openSUSE Tumbleweed,rclone security,Linux updates,system security,software vulnerabilities. . LinuxSecurity.com Team
May 14, 2026
OpenSUSE
89
security advisorydenial of servicefedoraFedora 43 Rclone Security Advisory 2026-2bb2aee489 Denial of Service
Update to 1.74.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2bb2aee489 2026-05-11 01:00:46.370217+00:00 -------------------------------------------------------------------------------- Name : rclone Product : Fedora 43 Version : 1.74.0 Release : 2.fc43 URL : https://github.com/rclone/rclone Summary : Rsync for cloud storage Description : "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files. -------------------------------------------------------------------------------- Update Information: Update to 1.74.0 -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Mikel Olasagasti Uranga - 1.74.0-2 - Fix tests failing with Go 1.25 * Fri May 1 2026 Mikel Olasagasti Uranga - 1.74.0-1 - Update to 1.74.0 - Closes rhbz#2459511 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2441180 - CVE-2025-69725 rclone: Go-chi/chi: Open Redirect vulnerability allows redirection to malicious websites [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2441180 [ 2 ] Bug #2456042 - CVE-2026-33817 rclone: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456042 [ 3 ] Bug #2461128 - CVE-2026-41176 rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2461128 [ 4 ] Bug #2463186 - CVE-2026-3006 rclone: winfsp: Local privilege escalation via race condition and kernel heap overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463186 [ 5 ] Bug #2464137 - CVE-2026-41179 rclone: Rclone: Unauthenticated local command execution viaexposed RC endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464137 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2bb2aee489' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 11, 2026
•Important
Fedora
89
security advisoryunauthorized accessfedoraFedora 44 rclone 1.74.0 Advisory for Denial of Service and Access Issues
Update to 1.74.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-63341da831 2026-05-10 02:48:49.647071+00:00 -------------------------------------------------------------------------------- Name : rclone Product : Fedora 44 Version : 1.74.0 Release : 2.fc44 URL : https://github.com/rclone/rclone Summary : Rsync for cloud storage Description : "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files. -------------------------------------------------------------------------------- Update Information: Update to 1.74.0 -------------------------------------------------------------------------------- ChangeLog: * Sat May 2 2026 Mikel Olasagasti Uranga - 1.74.0-2 - Fix tests failing with Go 1.25 * Fri May 1 2026 Mikel Olasagasti Uranga - 1.74.0-1 - Update to 1.74.0 - Closes rhbz#2459511 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2456042 - CVE-2026-33817 rclone: go.etcd.io/bbolt: Denial of Service via index out-of-range error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456042 [ 2 ] Bug #2461128 - CVE-2026-41176 rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2461128 [ 3 ] Bug #2463186 - CVE-2026-3006 rclone: winfsp: Local privilege escalation via race condition and kernel heap overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2463186 [ 4 ] Bug #2464137 - CVE-2026-41179 rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2464137 -------------------------------------------------------------------------------- This update can beinstalled with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-63341da831' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 10, 2026
•Critical
Fedora
202
security advisorymoderatesecurity issueopenSUSE Tumbleweed rclone Moderate Security Issues 2026-10682-1
An update that solves 2 vulnerabilities can now be installed.. # rclone-1.74.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10682-1 Rating: moderate Cross-References: * CVE-2026-32952 * CVE-2026-33813 Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the rclone-1.74.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * rclone 1.74.0-1.1 * rclone-bash-completion 1.74.0-1.1 * rclone-zsh-completion 1.74.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32952.html * https://www.suse.com/security/cve/CVE-2026-33813.html . Update for rclone on openSUSE addresses moderate severity security issues and vulnerabilities. Immediate installation recommended.. openSUSE rclone security patch moderate threat update. . LinuxSecurity.com Team
May 06, 2026
OpenSUSE
202
security advisorycriticalDoSopenSUSE 2026-0151-1 rclone Critical Update for Multiple Issues
An update that fixes 18 vulnerabilities is now available.. openSUSE Security Update: Security update for rclone ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0151-1 Rating: critical References: #1140423 #1232964 #1233422 #1262438 #1262439 Cross-References: CVE-2023-45286 CVE-2023-45288 CVE-2023-48795 CVE-2024-24786 CVE-2024-45337 CVE-2024-45338 CVE-2024-51744 CVE-2024-52522 CVE-2025-22869 CVE-2025-22870 CVE-2025-30204 CVE-2025-58181 CVE-2025-68121 CVE-2026-1229 CVE-2026-27141 CVE-2026-33186 CVE-2026-41176 CVE-2026-41179 CVSS scores: CVE-2023-45288 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2023-48795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2024-24786 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-45337 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2024-45338 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-51744 (SUSE): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-22869 (SUSE): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22870 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-30204 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-58181 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-68121 (SUSE): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2026-27141 (SUSE): 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-33186 (SUSE): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for rclone fixes the following issues: - Update to version 1.73.5: (boo#1262439 boo#1262438) * operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179 * rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176 * rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176 * s3: fix empty delimiter parameter rejected by Archiware P5 server * azureblob/auth: add Microsoft Partner Network User-Agent prefix * drime: fix User.EntryPermissions JSON unmarshalling * filter: fix debug logs that fire before logger is configured - fixes #9291 * s3: fix TencentCOS CDN endpoint failing on bucket check * iclouddrive: fix 'directory not found' error when the directory contains accent marks * Start v1.73.5-DEV development - Update to version 1.73.4: * Version v1.73.4 * Update to go 1.25.9 to fix multiple CVEs * build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder * docs: fix markdown issues in mount docs * docs: fix header level for metadata option * fix(docs): Fix link to not be language specific * filen: update SDK version * build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0 * docs: note macOS 10.15 (Catalina) support with version v1.70.3 * Start v1.73.4-DEV development - Update to version 1.73.3: (CVE-2026-33186 GHSA-6g7g-w4f8-9c9x) * Version v1.73.3 * build(deps): bump github.com/buger/jsonparserfrom 1.1.1 to 1.1.2 * docs/jottacloud: fix broken link * docs: clarify Filen password change requires updating both password and API key in rclone config * docs: note that Filen API key changes on password change * build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 * s3: add multi tenant support for Cubbit * lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching * list: fix nil pointer panic in Sorter when temp file creation fails * docs: update RELEASE procedure to avoid mistakes * docs: added text to the label showing version-introduced info * Start v1.73.3-DEV development * docs: update sponsors - Update to version 1.73.2: * Version v1.73.2 * Update to go 1.25.8 to fix multiple CVEs * build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220 * docs: fix new drive flag typo in changelog * webdav: add missing headers for CORS * docs: Document unsupported S3 object keys with double slashes * docs: note that --use-server-modtime only works on some backends * internxt: fix Entry doesn't belong in directory errors on windows * drime: fix chunk-uploaded files ignoring workspace ID * docs: Fix headers hierarchy for mount.md * webdav: escape reserved characters in URL path segments * bisync: add group Sync to the bisync command * archive: extract: strip "./" prefix from tar entry paths * docs: add instructions on how to update Go version * buid: update github.com/cloudflare/circl to v1.6.3 to fix CVE-2026-1229 * Start v1.73.2-DEV development - Update to version 1.73.1: * Version v1.73.1 * build: fix build using go 1.26.0 instead of go 1.25.7 * fs/march: fix runtime: program exceeds 10000-thread limit * accounting: fix missing server side stats from core/stats rc * pacer: re-read the sleep time as it may be stale * pacer: fix deadlock between pacer token and--max-connections * build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167 * drime: fix files and directories being created in the default workspace * docs: update sponsors * copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path. * internxt: implement re-login under refresh logic, improve retry logic - fixes #9174 * docs: add ExchangeRate-API as a sponsor * build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316 * Set list_version to 2 for FileLu S3 configuration * filelu: add multipart upload support with configurable cutoff * filelu: add multipart init response type * filelu: add comment for response body wrapping * filelu: avoid buffering entire file in memory * docs: update sponsor logos * filen: fix potential panic in case of error during upload * filen: fix 32 bit targets not being able to list directories Fixes #9142 * Start v1.73.1-DEV development - Update to version 1.73.0: * Version v1.73.0 * drive: fix crash when trying to creating shortcut to a Google doc * azureblob,azurefiles: factor the common auth into a library * test: allow backends to return fs.ErrorCantListRoot to skip Root tests * build: add privatebeta Makefile target * docs: add Internxt as a sponsor * internxt: remove use of CVE laden github.com/disintegration/imaging * docs: fix Internxt docs after merge * docs: update making a new backend docs * docs: build overview page from the backend data * docs: add tiering to the documentation - fixes #8873 * docs: add data about each backend in YAML format * docs: add bin/manage_backends.py for managing the backend data files * internxt: use rclone's http.Client to enable more features * internxt: fix lint problems * Add StarHack to contributors * Add lullius to contributors * Add jzunigax2 to contributors * internxt:add Internxt backend - fixes #7610 * drive: add --drive-metadata-force-expansive-access flag - Fixes #8980 * test_all: allow drime more time to complete * onedrive: fix permissions on onedrive Personal * onedrive: fix require sign in for Onedrive Personal * onedrive: Onedrive Personal no longer supports description * onedrive: fix setting modification time on directories for onedrive Personal * onedrive: fix cancelling multipart upload * docs: fix WinFsp link in mount documentation * cmount: make work under OpenBSD - fixes #1727 * vfs: make mount tests run on OpenBSD * docs: improve alignment of icons * protondrive: update to use forks of upstream modules * Add hyusap to contributors * Add Nick Owens to contributors * Add Mikel Olasagasti Uranga to contributors * docs: fix googlephotos custom client_id instructions * cmount: fix OpenBSD mount support. * fs: fix bwlimit: correctly report minutes * fs: fix bwlimit: use %d instead of %q for ints * mega: reverts TLS workaround * docs: fix formatting * docs: add faq entry about re-enabling old TLS ciphers * Add Marc-Philip to contributors * Add yy to contributors * filen: swap to blake3 hashes * docs: fix echo command syntax for password input * docs: fix typos in comments and messages * docs: fix use of removed rem macro * uptobox: remove backend as service is no longer available * rc: add operations/hashsumfile to sum a single file only * docs: update sponsor link * filen: add Filen backend - Fixes #6728 * sftp: fix proxy initialisation * fstest: skip Copy mutation test with --sftp-copy-is-hardlink * fstest: Make Copy mutation test work properly * Add Qingwei Li to contributors * Add Nicolas Dessart to contributors * log: fix systemd adding extra newline - fixes #9086 * oracleobjectstorage, sftp: eliminate unnecessary heap allocation * sftp,ftp: add http proxyauthentication support * Add Drime backend * lib/rest: add opts.MultipartContentType to explicitly set Content-Type of attachements * dircache: allow empty string as root parent id * docs: update sponsors * s3: add provider Bizfly Cloud Simple Storage * docs: update sponsor logos * Add sys6101 to contributors * Add darkdragon-001 to contributors * Add vupn0712 to contributors * docs: add cloudinary to readme * docs: fix headers hierarchy in mount docs * s3: fix Copy ignoring storage class * serve s3: make errors in --s3-auth-key fatal - fixes #9044 * Add masrlinu to contributors * pcloud: add support for real-time updates in mount * memory: add --memory-discard flag for speed testing - fixes #9037 * Add vyv03354 to contributors * shade: Fix VFS test issues * docs: mention use of ListR feature in ls docs * build: bump actions/download-artifact from 6 to 7 * build: bump actions/upload-artifact from 5 to 6 * build: bump actions/cache from 4 to 5 * docs: reflects the fact that pCloud supports ListR * S3: Linode: updated endpoints to use ISO 3166-1 alpha-2 standard * sync: fix error propagation in tests (#9025) * Changelog updates from Version v1.72.1 * s3: add more regions for Selectel * Add jhasse-shade to contributors * Add Shade backend * log: fix backtrace not going to the --log-file #9014 * build: fix lint warning after linter upgrade * Add Jonas Tingeborn to contributors * Add Tingsong Xu to contributors * configfile: add piped config support - fixes #9012 * fs/log: fix PID not included in JSON log output * build: adjust lint rules to exclude new errors from linter update * proxy: fix error handling in tests spotted by the linter * Add Johannes Rothe to contributors * Add Leo to contributors * Add Vladislav Tropnikov to contributors * Add Cliff Frey to contributors * Add vicerace to contributors * b2: Fix listing root buckets with unrestricted API key * googlecloudstorage: improve endpoint parameter docs * serve webdav: implement download-directory-as-zip * s3: The ability to specify an IAM role for cross-account interaction * azureblob: add metadata and tags support across upload and copy paths * refactor: use strings.Cut to simplify code * docs: note where a provider has an S3 compatible alternative * Add Shade as sponsor * Add Duncan Smart to contributors * Add Diana to contributors * docs: Clarify OAuth scopes for readonly Google Drive access * b2: support authentication with new bucket restricted application keys * docs: update sponsor logos * docs: fix lint error in changelog * Start v1.73.0-DEV development - Update to version 1.72.1: * Version v1.72.1 * s3: add more regions for Selectel * log: fix backtrace not going to the --log-file #9014 * build: fix lint warning after linter upgrade * configfile: add piped config support - fixes #9012 * fs/log: fix PID not included in JSON log output * build: adjust lint rules to exclude new errors from linter update * proxy: fix error handling in tests spotted by the linter * googlecloudstorage: improve endpoint parameter docs * docs: note where a provider has an S3 compatible alternative * Add Shade as sponsor * docs: Clarify OAuth scopes for readonly Google Drive access * docs: update sponsor logos * docs: fix lint error in changelog * Start v1.72.1-DEV development - Update to version 1.72.0: * Version v1.72.0 * rc: fix formatting in job/batch * test speed: fix formatting of help * docs: update sponsor logos * build: bump actions/checkout from 5 to 6 * s3: add multi-part-upload support for If-Match and If-None-Match * rc: config/unlock: rename parameter to `configPassword` accept old as well * rc: correct names of parameters in job/list output * AddNikolay Kiryanov to contributors * rc: add `executeId` to job statuses - fixes #8972 * build: bump golang.org/x/crypto from 0.43.0 to 0.45.0 to fix CVE-2025-58181 * s3: fix single file copying behavior with low permission - Fixes #8975 * docs: onedrive: note how to backup up any user's data * Add Dominik Sander to contributors * Add jijamik to contributors * box: allow to configure with config file contents * http: add basic metadata and provide it via serve * ftp: fix transfers from servers that return 250 ok messages * b2: allow individual old versions to be deleted with --b2-versions - fixes #1626 * build: fix tls: failed to verify certificate: x509: negative serial number * Add Sean Turner to contributors * s3: add support for --upload-header If-Match and If-None-Match * fix: comment typos * dropbox: fix error moving just created objects - fixes #8881 * s3: add --s3-use-data-integrity-protections to fix BadDigest error in Alibaba, Tencent * rc: make sure fatal errors don't crash rclone - fixes #8955 * pacer: factor call stack searching into its own package * rc: add osVersion, osKernel and osArch to core/version * build: update all dependencies * build(deps): bump golangci/golangci-lint-action from 8 to 9 * webdav: fix out of memory with sharepoint-ntlm when uploading large file * testserver: fix owncloud test server startup * Add aliaj1 to contributors * ulozto: Fix downloads returning HTML error page * docs: adjust spectra logic example endpoint name * docs: update version introduced to v1.70 in doi docs * testserver: fix HDFS server after run.bash adjustments * testserver: remind developers about allocating a port * testserver: make run.bash variables less likely to collide with scripts * testserver: fix seafile servers messing up _connect string * testserver: make sure TestWebdavInfiniteScale uses an assignedport * testserver: make sure we don't overwrite the NAME variable set * Add n4n5 to contributors * Add Alex to contributors * Add Copilot to contributors * docs: update contributing docs regarding backend documentation * rc: add jobs stats * docs: fix alignment of some of the icons in the storage system dropdown * docs: run markdownlint on _index.md * docs: fix markdownlint issues and other styling improvements in backend command docs * docs: fix markdownlint issue md046/code-block-style in backend command docs * docs: fix missing punctuation in backend commands short description * docs: fix markdownlint issues in backend command generated output * build: improve backend docs autogenerated marker line * backend/compress: add zstd compression * sftp: fix zombie SSH processes with --sftp-ssh - Fixes #8929 * testserver: fix tests failing due to stopped servers * docs: add new integration tester site link * docs: update the method for running integration tests * bisync: fix failing tests * Add SublimePeace to contributors * b2: fix "expected a FileSseMode but found: ''" * docs: s3: clarify multipart uploads memory usage * test_all: fix detection of running servers * accounting: add AccountReadN for use in cluster * fs: add NonDefaultRC for discovering options in use * fs: move tests into correct files * rc: add NewJobFromBytes for reading jobs from non HTTP transactions * rc: add job/batch for sending batches of rc commands to run concurrently * Add Ted Robertson to contributors * Add Joseph Brownlee to contributors * Add fries1234 to contributors * Add Fawzib Rojas to contributors * Add Riaz Arbi to contributors * Add Lukas Krejci to contributors * Add Adam Dinwoodie to contributors * Add dulanting to contributors * docs: add AppArmor restrictions to rclone mount * check: improved reporting of differences insizes and contents * mega: implement 2FA login * docs: change to light code block style to better match overall theme * docs: fix various markdownlint issues * build: restrict the markdown languages to use for code blocks * docs: fix various markdownlint issues * docs: fix markdownlint issue md013/line-length * docs: change syntax hightlighting for command examples from sh to console * docs: Clarify remote naming convention * b2: Add Server-Side encryption support * Added rclone archive command to create and read archive files * accounting: add io.Seeker/io.ReaderAt support to accounting.Account * operations: add ReadAt method to ReOpen * fstest: add ResetRun to allow the remote to be reset in tests * gcs: fix --gcs-storage-class to work with server side copy for objects * ulozto: implement the about functionality * local: add --skip-specials to ignore special files * swift: Report disk usage in segment containers * refactor: use strings.Builder to improve performance * Archive backend to read archives on cloud storage. * vfs: remove unecessary import in tests to fix import cycles * Add Lakshmi-Surekha to contributors * Add Andrew Gunnerson to contributors * Add divinity76 to contributors * build: enable support for aix/ppc64 * rc: fix name of "queue" JSON key in docs for vfs/cache * cmount: windows: improve error message on missing winfsp * docs: add the Provider to the options examples in the backend docs * Add Aneesh Agrawal to contributors * Add viocha to contributors * Add reddaisyy to contributors * fs: remove unnecessary Seek call on log file * s3: make it easier to add new S3 providers * build(deps): bump actions/upload-artifact from 4 to 5 * build(deps): bump actions/download-artifact from 5 to 6 * ftp: fix SOCK proxy support - fixes #8892 (#8918) * webdav: Add Access-Control-Max-Age header for CORS preflight caching - fixes #5078 * webdav: use SpaceSepList to parse bearer token command * refactor: use strings.Builder to improve performance * docs: re-arrange sponsors page * docs: add Spectra Logic as a sponsor * Add Oleksandr Redko to contributors * build: enable all govet checks (except fieldalignment and shadow) and fix issues. * march: fix --no-traverse being very slow - fixes #8860 * Add vastonus to contributors * s3: add new FileLu S5 endpoints * build: remove obsolete build tag * azurefiles: add ListP interface - #4788 * dropbox: add ListP interface - #4788 * webdav: add ListP interface - #4788 * pcloud: add ListP interface - #4788 * box: add ListP interface - #4788 * onedrive: add ListP interface - #4788 * drive: add ListP interface - #4788 * Add hunshcn to contributors * webdav: optimize bearer token fetching with singleflight * Changelog updates from Version v1.71.2 * lib/http: cleanup indentation and other whitespace in http serve template * docs: improve formatting of http serve template parameters * build: stop markdown linter leaving behind docker containers * Add Marco Ferretti to contributors * s3: add cubbit as provider * s3: add servercore as a provider * docs: update sponsors * docs: update sponsor images * docs: update privacy policy with a section on user data * Add Dulani Woods to contributors * Add spiffytech to contributors * gcs: add region us-east5 - fixes #8863 * jottacloud: refactor service list from map to slice to get predefined order * jottacloud: added support for traditional oauth authentication also for the main service * oauthutil: improved debug logs from token refresh * backend: add S3 provider for Hetzner object storage #8183 * jottacloud: improved token refresh handling * s3: provider reordering * index: add missing providers * docs: add missing ` * s3:add rabata as a provider * mega: fix 402 payment required errors - fixes #8758 * Add Andrew Ruthven to contributors * Add Microscotch to contributors * Add iTrooz to contributors * build: Bump SwiftAIO container to a newer one * build: Retry stopping the test server * build: Increase attempts to connect to test server * swift: If storage_policy isn't set, use the root containers policy * proton: automated 2FA login with OTP secret key * serve s3: fix log output to remove the EXTRA messages * docs/jottacloud: update description of invalid_grant error according to changes * jottacloud: add support for MediaMarkt Cloud as a whitelabel service * s3: add FileLu S5 provider * docs: fix variants of --user-from-header * vfs: fix chunker integration test * test_all: give TestZoho: extra time as it has been timing out * test_all: give TestCompressDrive: extra time as it has been timing out * rclone config string: reduce quoting with Human rendering for strings #8859 * Add juejinyuxitu to contributors * docs/jottacloud: update documentation with new whitelabel services and changed configuration flow * jottacloud: abort attempts to run unsupported rclone authorize command * jottacloud: minor adjustment of texts in config ui * jottacloud: add support for Let's Go Cloud (from MediaMarkt) as a whitelabel service * jottacloud: fix authentication for whitelabel services from Elkjp subsidiaries * jottacloud: refactor config handling of whitelabel services to use openid provider configuration * jottacloud: remove nil error object from error message * jottacloud: fix legacy authentication * docs: add remote setup page to main docs dropdown * docs: update remote setup page * docs: add link from authorize command docs to remote setup docs * docs: lowercase internet and web browser instead of Internet browser * docs: use the termbackend name instead of fs name for authorize command * add `rclone config string` for making connection strings #8859 * config: add more human readable configmap.Simple output * serve http: download folders as zip * s3: reorder providers to be in alphabetical order * refactor: use strings.FieldsFuncSeq to reduce memory allocations * accounting: add SetMaxCompletedTransfers method to fix bisync race #8815 * accounting: add RemoveDoneTransfers method to fix bisync race #8815 * bisync: fix race when CaptureOutput is used concurrently #8815 * build: update all dependencies * Makefile: remove deprecated go mod usage * azurefiles: Fix server side copy not waiting for completion - fixes #8848 * Changelog updates from Version v1.71.1 * test_all: fix branch name in test report * pacer: fix deadlock with --max-connections * Revert "azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors" * Add Youfu Zhang to contributors * Add Matt LaPaglia to contributors * smb: optimize smb mount performance by avoiding stat checks during initialization * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601 * serve http: fix: logging url on start * docs: fix typo * b2: fix 1TB+ uploads * march: fix deadlock when using --fast-list on syncs - fixes #8811 * build: slices.Contains, added in go1.21 * build: use strings.CutPrefix introduced in go1.20 * build: use sequence Split introduced in go1.24 * build: use "for i := range n", added in go1.22 * build: modernize benchmark usage * build: in tests use t.Context, added in go1.24 * build: replace interface{} by the 'any' type added in go1.18 * build: use the built-in min or max functions added in go1.21 * Add russcoss to contributors * build: remove x := x made unnecessary by the new semantics of loops in go1.22 * lib/pool: fixunreliable TestPoolMaxBufferMemory test * Update S-Pegg1 email * Add Jean-Christophe Cura to contributors * pool: fix flaky unreliability test * copyurl: reworked code, added concurrency and tests * copyurl: Added --url to read urls from csv file - #8127 * docs: HDFS: erasure coding limitation #8808 * fstest: fix slice bounds out of range error when using -remotes local * local: fix time zones on tests * s3: added SpectraLogic as a provider * local: fix rmdir "Access is denied" on windows - fixes #8363 * bisync: fix error handling for renamed conflicts * docs: pcloud: update root_folder_id instructions * operations: fix partial name collisions for non --inplace copies * drive: docs: update making your own client ID instructions * swift: add ListP interface - #4788 * memory: add ListP interface - #4788 * oraceobjectstorage: add ListP interface - #4788 * B2: add ListP interface - #4788 * azureblob: add ListP interface - #4788 * googlecloudstorage: add ListP interface - Fixes #8763 * build: bump actions/github-script from 7 to 8 * build: bump actions/setup-go from 5 to 6 * bisync: fix chunker integration tests * bisync: fix koofr integration tests * internetarchive: fix server side copy files with spaces * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible * Add alternate email for dougal to contributors * test speed: add command to test a specified remotes speed * docs: add link to MEGA S4 from MEGA page * Add Robin Rolf to contributors * Add anon-pradip to contributors * s3: Add Intercolo provider * gendocs: refactor and add logging of skipped command docs * gendocs: ignore missing rclone_mount.md, rclone_nfsmount.md, rclone_serve_nfs.md on windows * bin: add bisync.md generator * fstest: refactor to decouple package from implementation * gendocs: ignore missing rclone_mount.md on macOS * bisync:ignore expected "nothing to transfer" differences on tests * bisync: fix TestBisyncConcurrent ignoring -case * bisync: make number of parallel tests configurable * docs: clarify subcommand description in rclone usage * docs: fix description of regex syntax of name transform * docs: add some more details about supported regex syntax * makefile: fix lib/transform docs not getting updated * lib/pool: fix flaky test which was causing timeouts * Add dougal to contributors * vfs: fix SIGHUP killing serve instead of flushing directory caches * bisync: use unique stats groups on tests * fstest: stop errors in test cleanup changing the global stats * Add Motte to contributors * Add Claudius Ellsel to contributors * build: add local markdown linting to make check * lsf: add support for unix and unixnano time formats * docs: remove broken links from rc to commands * hashsum: changed output format when listing algorithms * docs: add example of how to add date as suffix * box: fix about after change in API return - fixes #8776 * Add skbeh to contributors * Add Tilman Vogel to contributors * docs: fix incorrectly escaped windows path separators * build: restore error handling in gendocs * combine: propagate SlowHash feature * docs/oracleobjectstorage: add introduction before external links and remove broken link * docs: fix markdown lint issues in backend docs * docs: fix markdown lint issues in command docs * docs: update markdown code block json indent size 2 * mount: do not log successful unmount as an error - fixes #8766 * Start v1.72.0-DEV development - Update to version 1.71.2: * Version v1.71.2 * docs: update sponsors * docs: update sponsor images * docs: update privacy policy with a section on user data * gcs: add region us-east5 - fixes #8863 * index: add missing providers * docs: add missing ` * mega: fix 402 paymentrequired errors - fixes #8758 * docs: fix variants of --user-from-header * docs: add remote setup page to main docs dropdown * docs: update remote setup page * docs: add link from authorize command docs to remote setup docs * docs: lowercase internet and web browser instead of Internet browser * docs: use the term backend name instead of fs name for authorize command * bisync: fix race when CaptureOutput is used concurrently #8815 * azurefiles: Fix server side copy not waiting for completion - fixes #8848 * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601 * serve http: fix: logging url on start * docs: fix typo * b2: fix 1TB+ uploads * Start v1.71.2-DEV development - Update to version 1.71.1: * Version v1.71.1 * pacer: fix deadlock with --max-connections * Revert "azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors" * march: fix deadlock when using --fast-list on syncs - fixes #8811 * docs: HDFS: erasure coding limitation #8808 * local: fix rmdir "Access is denied" on windows - fixes #8363 * bisync: fix error handling for renamed conflicts * docs: pcloud: update root_folder_id instructions * operations: fix partial name collisions for non --inplace copies * drive: docs: update making your own client ID instructions * internetarchive: fix server side copy files with spaces * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible * docs: add link to MEGA S4 from MEGA page * docs: clarify subcommand description in rclone usage * docs: fix description of regex syntax of name transform * docs: add some more details about supported regex syntax * makefile: fix lib/transform docs not getting updated * vfs: fix SIGHUP killing serve instead of flushing directory caches * docs: remove broken links from rc to commands * docs: add example of how to add date assuffix * box: fix about after change in API return - fixes #8776 * docs: fix incorrectly escaped windows path separators * build: restore error handling in gendocs * combine: propagate SlowHash feature * docs/oracleobjectstorage: add introduction before external links and remove broken link * docs: fix markdown lint issues in backend docs * docs: fix markdown lint issues in command docs * docs: update markdown code block json indent size 2 * mount: do not log successful unmount as an error - fixes #8766 * Start v1.71.1-DEV development - Update to version 1.71.0: * Version v1.71.0 * fs: tls: add --client-pass support for encrypted --client-key files * ftp: make TLS config default to global TLS config - Fixes #6671 * fshttp: return *Transport rather than http.RoundTripper from NewTransport * bisync: release from beta * bisync: fix markdown formatting issues flagged by linter in docs * bisync: fix --no-slow-hash settings on path2 * Add cui to contributors * docs: add code of conduct * lib/mmap: convert to using unsafe.Slice to avoid deprecated reflect.SliceHeader * build: bump golangci/golangci-lint-action from 6 to 8 * build: update golangci-lint configuration * build: ignore revive lint issue var-naming: avoid meaningless package names * build: fix lint issue: should omit type error from declaration * Revert "build: downgrade linter to use go1.24 until it is fixed for go1.25" * build: migrate golangci-lint configuration to v2 format * s3: add --s3-use-arn-region flag - fixes #8686 * Add Binbin Qian to contributors * Add Lucas Bremgartner to contributors * docs: add tips about outdated certificates * FAQ: specify the availability of SSL_CERT_* env vars * pikpak: add file name integrity check during upload * bisync: skip TestBisyncConcurrent on non-local * internetarchive: fix server side copy files with & * Revert "s3: set useAlreadyExists to false for Alibaba OSS" * Add huangnauh to contributors * smb: improve multithreaded upload performance using multiple connections * bisync: fix data races on tests * bisync: remove unused parameters * bisync: deglobalize to fix concurrent runs via rc - fixes #8675 * mount: fix identification of symlinks in directory listings * s3: fix Content-Type: aws-chunked causing upload errors with --metadata * config: fix problem reading pasted tokens over 4095 bytes * config: fix test failure on local machine with a config file * log: add log rotation to --log-file - fixes #2259 * accounting: Fix stats (speed=0 and eta=nil) when starting jobs via rc * docs: update overview table for oracle object storage * Add praveen-solanki-oracle to contributors * oracleobjectstorage: add read only metadata support - Fixes #8705 * doc: sync doesn't symlinks in dest without --link - Fixes #8749 * s3: sort providers in docs * s3: add docs for Exaba Object Storage * azureblob: fix double accounting for multipart uploads - fixes #8718 * pool: fix deadlock with --max-buffer-memory * azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors * build: downgrade linter to use go1.24 until it is fixed for go1.25 * build: update all dependencies * build: update to go1.25 and make go1.24 the minimum required version * Add Timothy Jacobs to contributors * bisync: fix time.Local data race on tests - fixes #8272 * googlecloudstorage: fix rateLimitExceeded error on bisync tests * accounting: populate transfer snapshot with "what" value * build(deps): bump actions/checkout from 4 to 5 * build(deps): bump actions/download-artifact from 4 to 5 * googlecloudstorage: enable bisync integration tests * fstest: fix parsing of commas in -remotes * azurefiles: fix hash getting erased when modtime is set * bisync: disable--sftp-copy-is-hardlink on sftp tests * local: fix --copy-links on Windows when listing Junction points * operations: fix too many connections open when using --max-memory * pool: fix deadlock with --max-memory and multipart transfers * pool: unify memory between multipart and asyncreader to use one pool * docs: update links to rcloneui * docs: add MEGA S4 as a gold sponsor * about: fix potential overflow of about in various backends * box: fix about: cannot unmarshal number 1.0e+18 into Go struct field * oauthutil: fix nil pointer crash when started with expired token * rc: listremotes should send an empty array instead of nil * config: add error if RCLONE_CONFIG_PASS was supplied but didn't decrypt config * rc: add config/unlock to unlock the config file * ftp: allow insecure TLS ciphers - fixes #8701 * s3: set useAlreadyExists to false for Alibaba OSS * docs: update sponsors page * fs: allow global variables to be overriden or set on backend creation * fs: allow setting of --http_proxy from command line * tests: cloudinary: remove test ignore after merging fix from #8707 * Add Antonin Goude to contributors * Add Yu Xin to contributors * Add houance to contributors * Add Florent Vennetier to contributors * Add n4n5 to contributors * Add Albin Parou to contributors * Add liubingrun to contributors * sync: fix testLoggerVsLsf when backend only reads modtime * sync: fix testLoggerVsLsf checking wrong fs * docs: fix make opengraph tags absolute as not all sites understand relative * docs: update contributing guide regarding markdown documentation * build: add markdown linting to workflow * build: add markdownlint configuration * docs: minor format cleanup install.md * docs: fix markdownlint issue md049/emphasis-style * docs: fix markdownlint issue md036/no-emphasis-as-heading * docs: fix markdownlint issue md033/no-inline-html * docs: fix markdownlint issue md025/single-title * docs: fix markdownlint issue md041/first-line-heading * docs: fix markdownlint issue md001/heading-increment * docs: fix markdownlint issue md003/heading-style * docs: fix markdownlint issue md034/no-bare-urls * docs: fix markdownlint issue md010/no-hard-tabs * docs: fix markdownlint issue md013/line-length * docs: fix markdownlint issue md038/no-space-in-code * docs: fix markdownlint issue md040/fenced-code-language * docs: fix markdownlint issue md046/code-block-style * docs: fix markdownlint issue md037/no-space-in-emphasis * docs: fix markdownlint issue md059/descriptive-link-text * docs: fix markdownlint issues md007/ul-indent md004/ul-style * docs: fix markdownlint issue md012/no-multiple-blanks * docs: fix markdownlint issue md058/blanks-around-tables * docs: fix markdownlint issue md022/blanks-around-headings * docs: fix markdownlint issue md031/blanks-around-fences * docs: fix markdownlint issue md032/blanks-around-lists * docs: fix markdownlint issue md009/no-trailing-spaces * docs: fix markdownlint issue md014/commands-show-output * docs: fix markdownlint issues md007/ul-indent md004/ul-style (bin/update-authors.py) * docs: fix markdownlint issues md007/ul-indent md004/ul-style (authors.md) * docs: add opengraph tags for website social media previews * mount: note that bucket based remotes can use directory markers * pikpak: add docs for methods to clarify name collision handling and restrictions * pikpak: enhance Copy method to handle name collisions and improve error management * pikpak: enhance Move for better handling of error and name collision * accounting: fix incorrect stats with --transfers=1 - fixes #8670 * rc: fix `operations/check` ignoring `oneWay` parameter * s3: add OVHcloud Object Storage provider * docs: rc: fix description of how to read local config * build: limit check for edits of autogenerated files to only commits in a pull request * build: extend check for edits of autogenerated files to all commits in a pull request * smb: refresh Kerberos credentials when ccache file changes * s3: fix multipart upload and server side copy when using bucket policy SSE-C * backend/s3: Fix memory leak by cloning strings #8683 * purge: exit with a fatal error if filters are set on `rclone purge` * docs: Add Backblaze as a Platinum sponsor * Add Sam Pegg to contributors * googlephotos: added warning for Google Photos compatability-fixes #8672 * test: remove flakey TestChunkerChunk50bYandex: test * docs: Consolidate entries for Josh Soref in contributors * docs: remove dead link to example of writing a plugin * filescom: document that hashes need to be enabled - fixes #8674 * Add Sudipto Baral to contributors * docs: fix incorrect json syntax in sample output * docs: ignore author email piyushgarg80 * docs: fix header level for --dump option section * docs: use stringArray as parameter type * docs: use consistent markdown heading syntax * imagekit: remove server side Copy method as it was downloading and uploading * imagekit: don't low level retry uploads * imagekit: return correct error when attempting to upload zero length files * smb: add --smb-kerberos-ccache option to set kerberos ccache per smb backend * test: fix smb kerberos integration tests * Changelog updates from Version v1.70.3 * config: make parsing of duration options consistent * docs: cleanup usage * docs: break long lines * docs: add option value type to header where missing * docs: mention that identifiers in option values are case insensitive * docs: rewrite dump option examples * docs: use markdown inline code format for dump option headers that are real examples * docs: change spelling fromserver side to server-side * docs: cleanup header casing * docs: rename OSX to macOS * docs: fix list and code block issue * docs: consistent markdown list format * docs: split section with general description of options with that documenting actual main options * docs: improve description of option types * docs: use space instead of equal sign to separate option and value in headers * docs: use comma to separate short and long option format in headers * docs: remove use of uncommon parameter types * docs: remove use of parameter type FILE * docs: remove use of parameter type DIR * docs: remove use of parameter type CONFIG_FILE * docs: change use of parameter type N and NUMBER to int consistent with flags and cli help * docs: change use of parameter type TIME to Duration consistent with flags and cli help * docs: change use of parameter type BANDWIDTH_SPEC to BwTimetable consistent with flags and cli help * docs: change use of parameter type SIZE to SizeSuffix consistent with flags and cli help * docs: cleanup markdown header format * docs: explain separated list parameters * azureblob: fix server side copy error "requires exactly one scope" * test: remove and ignore failing integration tests * docs: explain the json log format in more detail * check: fix difference report (was reporting error counts) * serve sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128) * serve sftp: extract function refactoring for handling hashsum commands * sftp: add support for more hashes (crc32, sha256, blake3, xxh3, xxh128) * local: configurable supported hashes * hash: add support for BLAKE3, XXH3, XXH128 * vfs: make integration TestDirEntryModTimeInvalidation test more reliable * smb: skip non integration tests when doing integration tests * seafile: fix integration test errors by adding dot to encoding * linkbox: fix upload error "user upload file not exist" * build: remove integration tests which are too slow * march: fix deadlock when using --no-traverse - fixes #8656 * pikpak: improve error handling for missing links and unrecoverable 500s * pikpak: rewrite upload to bypass AWS S3 manager - fixes #8629 * test: fix TestSMBKerberos password expiring errors * Add Vikas Bhansali to contributors * Add Ross Smith II to contributors * azureblob,azurefiles: add support for client assertion based authentication * webdav: fix setting modtime to that of local object instead of remote * build: set default shell to bash in build.yml * docs: fix filescom/filelu link mixup * Add Davide Bizzarri to contributors * fix: b2 versionAt read metadata * test: make TestWebdavInfiniteScale startup more reliable * test_all: add _connect_delay for slow starting servers * docs: update link for filescom * test_all: make TestWebdav InfiniteScale integration tests run * test_all: make SMB with Kerberos integration tests run properly * test_all: allow an env parameter to set environment variables * Changelog updates from Version v1.70.2 * Add Ali Zein Yousuf to contributors * Add $@M@RTH_ to contributors * docs: update client ID instructions to current Azure AD portal - fixes #8027 * s3: add Zata provider * pacer: fix nil pointer deref in RetryError - fixes #8077 * docs: Remove Warp as a sponsor * docs: add files.com as a Gold sponsor * docs: add links to SecureBuild docker image * Add curlwget to contributors * convmv: fix moving to unicode-equivalent name - fixes #8634 * transform: add truncate_keep_extension and truncate_bytes * convmv: make --dry-run logs less noisy * sync: avoid copying dir metadata to itself * docs: fix some function names in comments * combine: fix directory not found errors with ListP interface - Fixes #8627 * local:fix --skip-links on Windows when skipping Junction points * Add Marvin Rsch to contributors * build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93 * copy,copyto,move,moveto: implement logger flags to store result of sync * log: fix deadlock when using systemd logging - fixes #8621 * docs: googlephotos: detail how to make your own client_id - fixes #8622 * Add necaran to contributors * mega: fix tls handshake failure - fixes #8565 * Changelog updates from Version v1.70.1 * Add jinjingroad to contributors * docs: DOI grammar error * docs: lib/transform: cleanup formatting * lib/transform: avoid empty charmap entry * chore: fix function name * convmv: fix spurious "error running command echo" on Windows * docs: client-credentials is not support by all backends * Start v1.71.0-DEV development - Update to version 1.70.3: * Version v1.70.3 * azureblob: fix server side copy error "requires exactly one scope" * docs: explain the json log format in more detail * check: fix difference report (was reporting error counts) * linkbox: fix upload error "user upload file not exist" * march: fix deadlock when using --no-traverse - fixes #8656 * pikpak: improve error handling for missing links and unrecoverable 500s * webdav: fix setting modtime to that of local object instead of remote * fix: b2 versionAt read metadata * Start v1.70.3-DEV development * docs: fix filescom/filelu link mixup * docs: update link for filescom - Update to version 1.70.2: * Version v1.70.2 * docs: update client ID instructions to current Azure AD portal - fixes #8027 * mega: fix tls handshake failure - fixes #8565 * pacer: fix nil pointer deref in RetryError - fixes #8077 * convmv: fix moving to unicode-equivalent name - fixes #8634 * convmv: make --dry-run logs less noisy * sync: avoid copying dir metadata to itself *combine: fix directory not found errors with ListP interface - Fixes #8627 * local: fix --skip-links on Windows when skipping Junction points * build: bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 to fix GHSA-vrw8-fxc6-2r93 * log: fix deadlock when using systemd logging - fixes #8621 * docs: googlephotos: detail how to make your own client_id - fixes #8622 * pikpak: fix uploads fail with "aws-chunked encoding is not supported" error * Start v1.70.2-DEV development * docs: Remove Warp as a sponsor * docs: add files.com as a Gold sponsor * docs: add links to SecureBuild docker image - Update to version 1.70.1: * Version v1.70.1 * docs: DOI grammar error * docs: lib/transform: cleanup formatting * lib/transform: avoid empty charmap entry * chore: fix function name * convmv: fix spurious "error running command echo" on Windows * docs: client-credentials is not support by all backends * Start v1.70.1-DEV development - Update to version 1.70.0: * Version v1.70.0 * ftp: add --ftp-http-proxy to connect via HTTP CONNECT proxy * pcloud: fix "Access denied. You do not have permissions to perform this operation" on large uploads * operations: fix TransformFile when can't server-side copy/move * fstest: fix -verbose flag after logging revamp * googlecloudstorage: fix directory marker after // changes in #5858 * s3: fix directory marker after // changes in #5858 * azureblob: fix directory marker after // changes in #5858 * tests: ignore some more habitually failing tests * googlephotos: fix typo in error message - Fixes #8600 * s3: MEGA S4 support * Add Ser-Bul to contributors * chunker: fix double-transform * docs: mailru: added note about permissions level choice for the apps password * tests: ignore habitually failing tests and backends * docs: link to asciinema rather than including the js * docs:target="_blank" must have rel="noopener" * sync: fix testLoggerVsLsf when dst is local * docs: fix FileLu docs * build: update all dependencies * onedrive: fix crash if no metadata was updated * Add kingston125 to contributors * Add Flora Thiebaut to contributors * Add FileLu cloud storage backend * doi: add new doi backend * build: fix check_autogenerated_edits.py flagging up files that didn't exist * docs: rc: add more info on how to discover _config and _filter parameters #8584 * s3: add Exaba provider * convmv: add convmv command * lib/transform: add transform library and --name-transform flag * march: split src and dst * Add ahxxm to contributors * Add Nathanael Demacon to contributors * b2: use file id from listing when not presented in headers - fixes #8113 * fs: fix goroutine leak and improve stats accounting process * march: fix syncing with a duplicate file and directory * Add PrathameshLakawade to contributors * Add Oleksiy Stashok to contributors * docs: fix page_facing_up typo next to Lyve Cloud in README.md * backend/s3: require custom endpoint for Lyve Cloud v2 support * backend: skip hash calculation when the hashType is None - fixes #8518 * azureblob: fix multipart server side copies of 0 sized files * Add Jeremy Daer to contributors * Add wbulot to contributors * s3: add Pure Storage FlashBlade provider support (#8575) * backend/gofile: update to use new direct upload endpoint * log: add --windows-event-log-level to support Windows Event Log * fs: Remove github.com/sirupsen/logrus and replace with log/slog * Add fhuber to contributors * cmd serve s3: fix ListObjectsV2 response * Changelog updates from Version v1.69.3 * onedrive: re-add --onedrive-upload-cutoff flag * onedrive: fix "The upload session was not found" errors * Add Germn Casares to contributors * Add Jeff Geerling tocontributors * googlephotos: update read only and read write scopes to meet Google's requirements. * build: update github.com/ebitengine/purego to v0.8.3 to fix mac_amd64 build * docs: add hint about config touch and config file not found * docs: add FAQ for dismissing 'rclone.conf not found' * docs: document how to keep an out of tree backend * Add Clment Wehrung to contributors * iclouddrive: fix panic and files potentially downloaded twice * docs: move --max-connections documentation to the correct place * Add Ben Boeckel to contributors * Add Tho Neyugn to contributors * docs: fix typo in s3/storj docs * serve s3: remove redundant handler initialization * Changelog updates from Version 1.69.2 * sftp: add --sftp-http-proxy to connect via HTTP CONNECT proxy * Add Jugal Kishore to contributors * docs: correct SSL docs anchor link from #ssl-tls to #tls-ssl * drive: metadata: fix error when setting copy-requires-writer-permission on a folder * docs: Update contributors * build: bump golang.org/x/net from 0.36.0 to 0.38.0 * Update README.md * docs: fix typos via codespell * webdav: add an ownCloud Infinite Scale vendor that enables tus chunked upload support * onedrive: fix metadata ordering in permissions * Add Ben Alex to contributors * Add simwai to contributors * iclouddrive: fix so created files are writable * cmd/authorize: show required arguments in help text * cloudinary: var naming convention - #8416 * cloudinary: automatically add/remove known media files extensions #8416 * Add Markus Gerstel to contributors * Add Enduriel to contributors * Add huanghaojun to contributors * Add simonmcnair to contributors * Add Samantha Bowen to contributors * s3: documentation regression - fixes #8438 * hash: add SHA512 support for file hashes * vfs: fix inefficient directory caching when directory reads areslow * docs: update fuse version in docker docs * fs/config: Read configuration passwords from stdin even when terminated with EOF - fixes #8480 * cmd/gitannex: Reject unknown layout modes in INITREMOTE * cmd/gitannex: Add configparse.go and refactor * cmd/gitannex: Permit remotes with options * serve ftp: add serve rc interface * serve sftp: add serve rc interface * serve restic: add serve rc interface * serve s3: add serve rc interface * serve dlna: add serve rc interface * serve webdav: add serve rc interface - fixes #4505 * serve http: add serve rc interface * serve nfs: add serve rc interface * serve: Add rc control for serve commands #4505 * configstruct: add SetAny to parse config from the rc * rc: In options/info make FieldName contain a "." if it should be nested * serve restic: convert options to new style * serve s3: convert options to new style * serve http: convert options to new style * serve webdav: convert options to new style * auth proxy: convert options to new style * auth proxy: add VFS options parameter for use for default VFS * serve: make the servers self registering * lib/http: fix race between Serve() and Shutdown() * lib/http: add Addr() method to return the first configured server address * Add Danny Garside to contributors * docs: fix minor typo in box docs * sync: implement --list-cutoff to allow on disk sorting for reduced memory use * march: Implement callback based syncing * list: add ListDirSortedFn for callback oriented directory listing * list: Implement Sorter to sort directory entries * cache: mark ListP as not supported yet * hasher: implement ListP interface * compress: implement ListP interface * chunker: mark ListP as not supported yet * union: mark ListP as not supported yet * crypt: implement ListP interface * combine: implement ListP interface * s3:Implement paged listing interface ListP * list: add WithListP helper to implement List for ListP backends * walk: move NewListRHelper into list.Helper to avoid circular dependency * fs: define ListP interface for paged listing #4788 * accounting: Add listed stat for number of directory entries listed * walk: factor Listing helpers into their own file and add tests * serve nfs: make metadata files have special file handles * serve nfs: change the format of --nfs-cache-type symlink file handles * vfs: add --vfs-metadata-extension to expose metadata sidecar files * docs: Add rcloneui.com as Silver Sponsor * Add Klaas Freitag to contributors * Add eccoisle to contributors * Add Fernando Fernndez to contributors * Add alingse to contributors * Add Jrn Friedrich Dreyer to contributors * docs: replace option --auto-filename-header with --header-filename * build: update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 * docs/googlephotos: fix typos * build: bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 * operations: fix call fmt.Errorf with wrong err * webdav: retry propfind on 425 status * Add --max-connections to control maximum backend concurrency * rc: fix debug/* commands not being available over unix sockets * cmd/gitannex: Prevent tests from hanging when assertion fails * cmd/gitannex: Add explicit timeout for mock stdout reads in tests * http: correct root if definitely pointing to a file - fixes #8428 * pool: add --max-buffer-memory to limit total buffer memory usage * filter: Add `--hash-filter` to deterministically select a subset of files * build: update golang.org/x/net to 0.36.0. to fix CVE-2025-22869 * rc: add add short parameter to core/stats to not return transferring and checking * fs: fix corruption of SizeSuffix with "B" suffix in config (eg --min-size) * filters: show --min-size and--max-size in --dump filters * build: check docs for edits of autogenerated sections * Add jack to contributors * docs: fix incorrect mentions of vfs-cache-min-free-size * fs/object: fix memory object out of bounds Seek * serve nfs: fix unlikely crash * docs: update minimum OS requirements for go1.24 * cmd/gitannex: Tweak parsing of "rcloneremotename" config * cmd/gitannex: Drop var rebindings now that we have go1.23 * docs: add note for using rclone cat for slicing out a byte range from a file * rcserver: improve content-type check * build: modernize Go usage * build: update all dependencies and fix deprecations * build: update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869 * build: make go1.23 the minimum go version * cmd/gitannex: Add to integration tests * cmd/gitannex: Simplify verbose failures in tests * cmd/gitannex: Port unit tests to fstest * vfs: fix integration test failures * azureblob: fix errors not being retried when doing single part copy * azureblob: handle retry error codes more carefully * touch: make touch obey --transfers * Add luzpaz to contributors * Add Dave Vasilevsky to contributors * docs: fix various typos * dropbox: Retry link without expiry * Dropbox: Support Dropbox Paper * chore: update contributor email * docs: correct stable release workflow * Add Lorenz Brun to contributors * Add Michael Kebe to contributors * vfs: fix directory cache serving stale data * build: fix docker plugin build - fixes #8394 * docs: improved sftp limitations * Changelog updates from Version v1.69.1 * docs: add FileLu as sponsors and tidy sponsor logos * accounting: fix percentDiff calculation -- fixes #8345 * vfs: fix the cache failing to upload symlinks when --links was specified * Add jbagwell-akamai to contributors * Add ll3006 to contributors * doc: add note on concurrency of rclonepurge * s3: add latest Linode Object Storage endpoints * cmd: fix crash if rclone is invoked without any arguments - Fixes #8378 * build: disable docker builds on PRs & add missing dockerfile changes * sync: copy dir modtimes even when copyEmptySrcDirs is false - fixes #8317 * sync: add tests to check dir modtimes are kept when syncing * fix golangci-lint errors * bisync: fix false positive on integration tests * s3: split the GCS quirks into -s3-use-x-id and -s3-sign-accept-encoding #8373 * Add Joel K Biju to contributors * stats: fix the speed not getting updated after a pause in the processing * opendrive: added --opendrive-access flag to handle permissions * bisync: fix listings missing concurrent modifications - fixes #8359 * Added parallel docker builds and caching for go build in the container * smb: improve connection pooling efficiency * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351 * b2: fix "fatal error: concurrent map writes" - fixes #8355 * Add Alexander Minbaev to contributors * Add Zachary Vorhies to contributors * Add Jess to contributors * s3: add IBM IAM signer - fixes #7617 * serve nfs: update docs to note Windows is not supported - fixes #8352 * cmd/config(update remote): introduce --no-output option * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1 * sync: fix cpu spinning when empty directory finding with leading slashes * s3: fix handling of objects with // in #5858 * azureblob: fix handling of objects with // in #5858 * fstest: add integration tests objects with // on bucket based backends #5858 * fs/list: tweak directory listing assertions after allowing // names * lib/bucket: fix tidying of // in object keys #5858 * lib/bucket: add IsAllSlashes function * azureblob: remove uncommitted blocks on InvalidBlobOrBlock error * azureblob: implement multipart server side copy *azureblob: speed up server side copies for small files #8249 * azureblob: cleanup uncommitted blocks on upload errors * azureblob: factor readMetaData into readMetaDataAlways returning blob properties * Add b-wimmer to contributors * azurefiles: add --azurefiles-use-az and --azurefiles-disable-instance-discovery * onedrive: mark German (de) region as deprecated * Add Trevor Starick to contributors * Add hiddenmarten to contributors * Add Corentin Barreau to contributors * Add Bruno Fernandes to contributors * Add Moises Lima to contributors * Add izouxv to contributors * Add Robin Schneider to contributors * Add Tim White to contributors * Add Christoph Berger to contributors * azureblob: add support for `x-ms-tags` header * rc: disable the metrics server when running `rclone rc` * internetarchive: add --internetarchive-metadata="key=value" for setting item metadata * lib/batcher: Deprecate unused option: batch_commit_timeout * s3: Added new storage class to magalu provider * http servers: add --user-from-header to use for authentication * b2: add SkipDestructive handling to backend commands - fixes #8194 * vfs: close the change notify channel on Shutdown * Docker image: Add label org.opencontainers.image.source for release notes in Renovate dependency updates * docs: add OneDrive Impersonate instructions - fixes #5610 * docs: explain the stringArray flag parameter descriptor * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310 * docs: fix typos found by codespell in docs and code comments * fs: fix confusing "didn't find section in config file" error * vfs: fix race detected by race detector * Add Jonathan Giannuzzi to contributors * Add Spencer McCullough to contributors * Add Matt Ickstadt to contributors * smb: add support for kerberos authentication * drive: added `backend moveid` command *docs: fix reference to serves3 setting disable_multipart_uploads which was renamed * docs: fix link to Rclone Serve S3 * serve s3: fix list objects encoding-type * build: update gopkg.in/yaml.v2 to v3 * build: update all dependencies * bisync: fix go vet problems with go1.24 * build: update to go1.24rc1 and make go1.22 the minimum required version * version: add --deps flag to show dependencies and other build info * doc: make man page well formed for whatis - fixes #7430 * Start v1.70.0-DEV development Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-151=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2026-151=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): rclone-1.73.5-bp157.2.3.1 rclone-debuginfo-1.73.5-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (noarch): rclone-bash-completion-1.73.5-bp157.2.3.1 rclone-zsh-completion-1.73.5-bp157.2.3.1 - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): rclone-1.73.5-bp156.2.6.1 - openSUSE Backports SLE-15-SP6 (noarch): rclone-bash-completion-1.73.5-bp156.2.6.1 rclone-zsh-completion-1.73.5-bp156.2.6.1 References: https://www.suse.com/security/cve/CVE-2023-45286.html https://www.suse.com/security/cve/CVE-2023-45288.html https://www.suse.com/security/cve/CVE-2023-48795.html https://www.suse.com/security/cve/CVE-2024-24786.html https://www.suse.com/security/cve/CVE-2024-45337.html https://www.suse.com/security/cve/CVE-2024-45338.html https://www.suse.com/security/cve/CVE-2024-51744.html https://www.suse.com/security/cve/CVE-2024-52522.html https://www.suse.com/security/cve/CVE-2025-22869.html https://www.suse.com/security/cve/CVE-2025-22870.html https://www.suse.com/security/cve/CVE-2025-30204.html https://www.suse.com/security/cve/CVE-2025-58181.html https://www.suse.com/security/cve/CVE-2025-68121.html https://www.suse.com/security/cve/CVE-2026-1229.html https://www.suse.com/security/cve/CVE-2026-27141.html https://www.suse.com/security/cve/CVE-2026-33186.html https://www.suse.com/security/cve/CVE-2026-41176.html https://www.suse.com/security/cve/CVE-2026-41179.html https://bugzilla.suse.com/1140423 https://bugzilla.suse.com/1232964 https://bugzilla.suse.com/1233422 https://bugzilla.suse.com/1262438 https://bugzilla.suse.com/1262439 . Critical security update for rclone in openSUSE addressing multiple vulnerabilities requiring immediate action.. openSUSE Security,rclone patch,severe vulnerability fix,multiple vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Apr 24, 2026
•Critical
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!