www/typo3-13: update to 13.4.27
13.4.27 (2026-03-10)
This version is a bugfix and maintenance release. For more information,
please refer: <https://get.typo3.org/release-notes/13.4.27>.
www/php-ja-wordpress: update to 6.9.2
6.9.2 (2026-03-10)
This is a security release that features several fixes.
* A Blind SSRF issue reported by sibwtf, and subsequently by several other
researchers while the fix was being worked on
* A PoP-chain weakness in the HTML API and Block Registry reported by Phat
RiO
* A regex DoS weakness in numeric character references reported by Dennis
Snell of the WordPress Security Team
* A stored XSS in nav menus reported by Phill Savage
* An AJAX query-attachments authorization bypass reported by Vitaly
Simonovich
[12 lines not shown]
www/wordpress: update to 6.9.2
6.9.2 (2026-03-10)
This is a security release that features several fixes.
* A Blind SSRF issue reported by sibwtf, and subsequently by several other
researchers while the fix was being worked on
* A PoP-chain weakness in the HTML API and Block Registry reported by Phat
RiO
* A regex DoS weakness in numeric character references reported by Dennis
Snell of the WordPress Security Team
* A stored XSS in nav menus reported by Phill Savage
* An AJAX query-attachments authorization bypass reported by Vitaly
Simonovich
[12 lines not shown]
archivers/php-pecl-zip: update to 1.22.8
1.22.8 (2026-03-06)
* Fixed bug GH-19932 Memory leak in zip
setEncryptionName()/setEncryptionIndex(). (David Carlier)
* Fix memory leak when passing enc_method/enc_password is passed as option
for ZipArchive::addGlob()/addPattern() and with consecutive calls.
(David Carlier)
* Fix crash in property existence test. (ndossche)
* Don't truncate return value of zip_fread() with user sizes. (ndossche)
lang/ruby34: update to 3.4.9
3.4.9 (2026-03-11)
This release includes an update to the zlib gem addressing CVE-2026-27820,
along with other bug fixes.
What's Changed:
* Bug #21715: Miscompilation on x86-64-v2 due to undefined behavior in
search_nonascii in string.c
* Bug #21787: IO::Buffer Integer Overflow in Range Validation Leads to
Out-of-Bounds Memory Access
* Bug #21757: Splatted args array is mutated when passing unexpected kwargs
* Bug #21326: Instruction generation differences between parse.y and prism
for def a(x, ...); b(...); end
[19 lines not shown]
py-uv py-uv-build: updated to 0.10.9
0.10.9
Enhancements
Add fbgemm-gpu, fbgemm-gpu-genai, torchrec, and torchtune to the PyTorch list
Add torchcodec to PyTorch List
Log the duration we took before erroring
Warn when using uv_build settings without uv_build
Add fallback to /usr/lib/os-release on Linux system lookup failure
Use cargo auditable to include SBOM in uv builds
Configuration
Add an environment variable for UV_VENV_RELOCATABLE
Performance
[17 lines not shown]
defguard-gateway: updated to 1.6.3
1.6.3
This is a security patch for the major 1.6 release.
It includes dependency updates to resolve the following CVEs:
CVE-2026-25541CVE-2026-25727
defguard: updated to 1.6.4
1.6.4
This is a security patch for the major 1.6 release.
It includes dependency updates to resolve the following CVEs:
CVE-2026-25537
GHSA-7587-4wv6-m68m
GHSA-8h58-w33p-wq3g
GHSA-c7ph-f7jm-xv4w
CVE-2026-25727CVE-2026-25639CVE-2026-2391
net/xfr: update to 0.9.4
Added
--no-mdns flag (#41) — xfr serve --no-mdns disables mDNS service registration for environments where multicast is unwanted or another service already uses mDNS.
server.no_mdns config support — also configurable via [server] no_mdns = true in ~/.config/xfr/config.toml.
Changed
Delta retransmits in interval reports (#36) — plain text interval lines now show per-interval retransmit deltas instead of cumulative totals, making it easier to spot when retransmits actually occur. Hidden intervals from --omit, --quiet, or larger --interval settings no longer get folded into the next visible rtx: value. Final summary still shows cumulative totals.
