Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package traefik2 for openSUSE:Factory checked in at 2025-06-06 22:45:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/traefik2 (Old) and /work/SRC/openSUSE:Factory/.traefik2.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "traefik2" Fri Jun 6 22:45:30 2025 rev:9 rq:1283713 version:2.11.25 Changes: -------- --- /work/SRC/openSUSE:Factory/traefik2/traefik2.changes 2025-01-07 20:52:36.986920187 +0100 +++ /work/SRC/openSUSE:Factory/.traefik2.new.19631/traefik2.changes 2025-06-06 22:46:23.929113869 +0200 @@ -1,0 +2,78 @@ +Fri Jun 6 09:04:25 UTC 2025 - Johannes Weberhofer <jweberho...@weberhofer.at> + +Important: Please read the migration guide at +https://doc.traefik.io/traefik/v2.11/migration/v2/#v21125 + +- Version 2.11.25 + - Fix for boo#1243818 CVE-2025-47952 + - k8s/ingress + * Fix panic for ingress with backend resource (#11777 by rtribotte) + - server + * Normalize request path (#11768 by kevinpollet) + +- Version 2.11.24 + + CVE's fixed: + CVE-2025-32431 (Advisory GHSA-6p68-w45g-48j7) + CVE-2025-22868 (Advisory GHSA-3wqc-mwfx-672p) + CVE-2025-22871 (Advisory GHSA-5423-jcjm-2gpv) + + The incoming request path is now cleaned before being used to match the + router rules and sent to the backends. Any /../, /./ or duplicate slash + segments in the request path is interpreted and/or collapsed. + Please read the migration guide: + https://doc.traefik.io/traefik/v2.11/migration/v2/#request-path-sanitization + + * middleware + - add Content-Length header to preflight response + * server + - Sanitize request path (#11684 by rtribotte) + +- Version 2.11.23 + * Fix for boo#1239233 CVE-2025-22868 + + * ecs,logs + - Bump AWS SDK to v2 + * logs,tls + - Error level log for configuration-related TLS errors with backends + * rules + - Allow underscore character in HostSNI matcher + * webui + - Change boolean module properties default value to undefined + * Upgrades + - Bump golang.org/x/net to v0.38.0 + fix for boo#1241731 CVE-2025-22872 + +- Version 2.11.22 + * fix for boo#1239383 CVE-2025-22869 + * logs,tls + - Error level log for configuration-related TLS errors with backends + * rules + - Allow underscore character in HostSNI matcher + * webui + - Change boolean module properties default value to undefined + * Updates + - Bump github.com/go-jose/go-jose/v4 to v4.0.5 + fix boo#1237636 CVE-2025-27144 + +- Version 2.11.21 + - middleware + * Enable the retry middleware in the proxy (#11536 by kevinpollet) + * Retry should send headers on Write (#11534 by kevinpollet) + +------------------------------------------------------------------- +Fri Feb 7 09:21:15 UTC 2025 - Johannes Weberhofer <jweberho...@weberhofer.at> + +- Fix for boo#1235401 + +- Version 2.11.20 + * acme + - Graceful shutdown for ACME JSON write operation + * middleware + - Changing log message when client cert is not available to debug + * service + - Do not create a logger instance for each proxy + * webui + - Fix auto refresh not clearing on component unmount + +------------------------------------------------------------------- @@ -19,0 +98 @@ + mentioned in boo#1235270 CVE-2024-45338 @@ -24,0 +104 @@ + - Fix for boo#1234513 CVE-2024-45337 @@ -160,0 +241,2 @@ + * Fix for boo#1235167 CVE-2024-28180 + Old: ---- traefik-v2.11.18.src.tar.gz New: ---- traefik-v2.11.25.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ traefik2.spec ++++++ --- /var/tmp/diff_new_pack.XC5Bgk/_old 2025-06-06 22:46:25.133163767 +0200 +++ /var/tmp/diff_new_pack.XC5Bgk/_new 2025-06-06 22:46:25.133163767 +0200 @@ -23,7 +23,7 @@ %define buildmode pie %endif Name: traefik2 -Version: 2.11.18 +Version: 2.11.25 Release: 0 Summary: The Cloud Native Application Proxy License: MIT @@ -104,7 +104,16 @@ %service_add_post traefik.service %{fillup_only -n traefik} # fix ownership for config and logging directory -chown -R traefik: %{_sysconfdir}/traefik %{_localstatedir}/log/traefik +chown traefik: \ + %{_sysconfdir}/traefik \ + %{_sysconfdir}/traefik/* \ + %{_localstatedir}/log/traefik +if [ -d %{_sysconfdir}/traefik/conf.d ] && [ ! -L %{_sysconfdir}/traefik/conf.d ] && [ -n "`ls -A %{_sysconfdir}/traefik/conf.d`" ] ; then + chown traefik: %{_sysconfdir}/traefik/conf.d/* +fi +if [ -d %{_localstatedir}/log/traefik ] && [ ! -L %{_localstatedir}/log/traefik ] && [ -n "`ls -A %{_localstatedir}/log/traefik`" ] ; then + chown traefik: %{_localstatedir}/log/traefik/* +fi %preun %service_del_preun traefik.service ++++++ traefik-v2.11.18.src.tar.gz -> traefik-v2.11.25.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik2/traefik-v2.11.18.src.tar.gz /work/SRC/openSUSE:Factory/.traefik2.new.19631/traefik-v2.11.25.src.tar.gz differ: char 14, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik2/vendor.tar.gz /work/SRC/openSUSE:Factory/.traefik2.new.19631/vendor.tar.gz differ: char 5, line 1
