Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package traefik for openSUSE:Factory checked in at 2026-07-10 17:48:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/traefik (Old) and /work/SRC/openSUSE:Factory/.traefik.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "traefik" Fri Jul 10 17:48:08 2026 rev:54 rq:1364914 version:3.7.7 Changes: -------- --- /work/SRC/openSUSE:Factory/traefik/traefik.changes 2026-06-17 16:18:46.740217475 +0200 +++ /work/SRC/openSUSE:Factory/.traefik.new.1991/traefik.changes 2026-07-10 17:50:05.935174531 +0200 @@ -1,0 +2,82 @@ +Wed Jul 8 15:56:08 UTC 2026 - Johannes Weberhofer <[email protected]> + +- Version 3.7.7 + + CVEs fixed + * Advisory GHSA-cxjq-mrr5-89rv + * Advisory GHSA-42cj-m3vj-89wv + * Advisory GHSA-qq9q-x9w4-chhj + + Bugs fixed + * acme + - Bump software.sslmate.com/src/go-pkcs12 to v0.7.3 + * k8s/crd + - Fix cross-provider ref check for TCP ServersTransport in Kubernetes + CRD provider + * k8s + - Fix panic when endpointslice port value or name is nil + * k8s, k8s/gatewayapi + - Fix ExtensionRef filters on backendRefs to resolve against the + HTTPRoute namespace + * middleware + - Fix handle empty unknown-length bodies in mirroring + * middleware, k8s/ingress-nginx + - Add app-root middleware with nginx variable interpolation + * middleware + - Sanitize replaced path in ReplacePathRegex middleware + * otel + - Bump go.opentelemetry.io/otel to v1.44.0 + * rules + - Fix consistency between HostSNI() and Host() + +------------------------------------------------------------------- +Wed Jul 8 15:23:40 UTC 2026 - Johannes Weberhofer <[email protected]> + +- Version 3.7.6 + CVEs fixed + * CVE-2026-54763 (Advisory GHSA-x677-9fxg-v5c5) - boo#1270431, boo#1270430 + * CVE-2026-54764 (Advisory GHSA-3q9r-p662-5j8m) - boo#1270432 + * CVE-2026-54765 (Advisory GHSA-6p8f-p8j2-rqmv) + + Bugs fixed + * acme, logs + - Bump github.com/go-acme/lego/v5 + * k8s + - Detect EndpointSlice condition changes + * k8s/gatewayapi + - Add missing Gateway API features in conformance tests + - Avoid collisions for Gateway API services names + - Ignore other gateways parentRefs and update route parent statuses + only for managed gateways + * k8s + - Index Kubernetes EndpointSlice by service name + * k8s/ingress-nginx + - Configure retry according to buffering configuration + - Fix force-ssl-redirect routing 418 when TLS is terminated upstream + * k8s, k8s/ingress-nginx + - Fix ingress-nginx ssl passthrough status updates + * k8s + - Sort endpointslices to keep backend IPs consistent across rebuilds + * kv + - Bump kvtools/redis to v1.2.1 + * middleware, authentication + - Fix x-forwarded-port in forward-auth + * middleware + - Fix CORS Max-Age set to 0 by default + - Fix CORS wildcard when allow-credentials is true + * middleware, k8s/gatewayapi + - Fix Gateway API redirect missing statuses + - Fix Host header not being modified by RequestHeaderModifier + - Fix request scheme derivation when Gateway API RequestRedirect + omits scheme + * server + - Add an option to remove request headers with underscores + - Configurable max request header size + * tls + - Fix nondeterministic TLS certificate selection on shared SAN + * websocket + - Fix connection upgrades when backend server is using h2c scheme + * webui + - Bump axios to v1.18.0 + +------------------------------------------------------------------- @@ -6,0 +89,4 @@ + CVEs fixed + * CVE-2026-54761 (Advisory GHSA-3g6v-2r68-prfc) boo#1268523 + * CVE-2026-54762 (Advisory GHSA-4mr2-fg2p-w63c) + @@ -34,4 +120,4 @@ - CVE fixed - * CVE-2026-48020 (Advisory GHSA-xf64-8mw2-4gr2) - * CVE-2026-48491 (Advisory GHSA-5r4w-85f3-pw66) - * CVE-2026-53622 (Advisory GHSA-9cr8-q42q-g8m7) + CVEs fixed + * CVE-2026-48020 (Advisory GHSA-xf64-8mw2-4gr2) - boo#1268387 + * CVE-2026-48491 (Advisory GHSA-5r4w-85f3-pw66) - boo#1269068 + * CVE-2026-53622 (Advisory GHSA-9cr8-q42q-g8m7) - boo#1269067 @@ -73 +159 @@ - * CVE-2026-44774 (Advisory GHSA-96qj-4jj5-wcjc) + * CVE-2026-44774 (Advisory GHSA-96qj-4jj5-wcjc) - boo#1265372 Old: ---- traefik-v3.7.5.src.tar.gz New: ---- traefik-v3.7.7.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ traefik.spec ++++++ --- /var/tmp/diff_new_pack.EV8qQz/_old 2026-07-10 17:50:09.951310960 +0200 +++ /var/tmp/diff_new_pack.EV8qQz/_new 2026-07-10 17:50:09.975311775 +0200 @@ -23,7 +23,7 @@ %define buildmode pie %endif Name: traefik -Version: 3.7.5 +Version: 3.7.7 Release: 0 Summary: The Cloud Native Application Proxy License: MIT @@ -42,7 +42,7 @@ BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools -BuildRequires: (golang(API) >= 1.25) +BuildRequires: (golang(API) >= 1.26) Requires: logrotate Recommends: podman Conflicts: traefik2 ++++++ traefik-v3.7.5.src.tar.gz -> traefik-v3.7.7.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik/traefik-v3.7.5.src.tar.gz /work/SRC/openSUSE:Factory/.traefik.new.1991/traefik-v3.7.7.src.tar.gz differ: char 12, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/traefik/vendor.tar.gz /work/SRC/openSUSE:Factory/.traefik.new.1991/vendor.tar.gz differ: char 13, line 1
