BSD Commit Log Search

security/vuxml: Document multiple vulnerabilities in net/traefik

www/rubygem-jwt2: Update to 2.10.3

Changes:        https://github.com/jwt/ruby-jwt/releases
Security:       CVE-2026-45363
(cherry picked from commit e9102d58810a715797003e461f86a79992249078)

devel/gitlab-runner: update to 19.0.1

Changes:        https://gitlab.com/gitlab-org/gitlab-runner/blob/main/CHANGELOG.md
(cherry picked from commit 3d6d4513f122d7f1ff052aa6ecc45738c5f579cf)

www/gitlab: security and patch update to 19.0.2

Changes:        https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-0-2-released/
Security:       ac9bab80-6618-11f1-8e04-2cf05da270f3
(cherry picked from commit 1eb6e896184c69fea6b31d4304d15c4f46c14dee)

devel/rubygem-rdoc-gitlab: update to 6.17.0

Required for gitlab 19.0.2

Changes:        https://github.com/ruby/rdoc/releases
(cherry picked from commit 4156a4cb3bf8c0751d4fc5b1fc9fae52fcead863)

devel/rubygem-oj-gitlab: update to 3.17.3

Required for gitlab 19.0.2

Changes:        https://github.com/ohler55/oj/blob/develop/CHANGELOG.md
(cherry picked from commit 95352a20ccdc4cc21660dada01dee666c4b976e2)

devel/rubygem-irb-gitlab: update to 1.18.0

Required for gitlab 19.0.2

Changes:        https://github.com/ruby/irb/releases
(cherry picked from commit 9f206fc9a0d75799d15047463624fb99ce7c2d8b)

www/gitlab: add new ports required for 19.0.2

(cherry picked from commit e58ec5d9b1110cc27fb72aea010aaebc48c7998a)

science/py-pygmo2: update 2.19.7 → 2.19.8

astro/py-pyvo: update 1.9.0 → 1.9.1

net-p2p/py-libtorrent-rasterbar: update 2.0.12 → 2.0.13

math/py-sparsediffpy: update 0.5.0 → 0.5.1

devel/py-distlib: update 0.4.2 → 0.4.3

sysutils/py-filelock: update 3.29.1 → 3.29.4

www/py-slowapi: update 0.1.9 → 0.1.10

misc/py-langchain-openai: update 1.2.2 → 1.3.2

misc/py-langchain: update 1.3.4 → 1.3.9

misc/py-langsmith: update 0.8.14 → 0.8.15

misc/py-langchain-protocol: update 0.0.16 → 0.0.17

misc/py-langgraph: update 1.2.4 → 1.2.5

misc/py-langchain-anthropic: update 1.4.5 → 1.4.6

misc/py-langchain-core: update 1.4.6 → 1.4.7

editors/elementary-code: Update 8.2.0 => 8.3.0

Changelog:
https://github.com/elementary/code/releases/tag/8.3.0

- Sort plist.

PR:             295363
Approved by:    Miguel Gocobachi <miguel at gocobachi.dev> (maintainer, timeout 4 weeks)
Sponsored by:   UNIS Labs

misc/lean-ctx: update 3.8.2 → 3.8.4

security/susshi: update 0.18.1 → 0.18.2

deskutils/thokr: update 0.4.1 → 0.5.0

sysutils/mise: update 2026.6.3 → 2026.6.6

www/caddy: Update to 2.11.4 (security)

Changes:
  Security-related patches:
  - caddyhttp: Normalize Windows backslashes in path matcher (thanks
    @Vincent550102)
  - rewrite: Prevent placeholder re-expansion in injected query
    (thanks @WhiskerEnt)
  - templates: Improved stripHTML action to more reliably remove
    malformed HTML (thanks to @jmrcsnchz)
  - caddyhttp: Ignore header fields with underscores to prevent
    collisions (thanks @Vincent550102 for the report and @dunglas for
    the patch)

    NB: These security patches may be breaking if your application
    relies on the buggy behaviors.

  What's Changed:
  - reverseproxy: further prevent body closes from dial errors by

    [37 lines not shown]

security/vuxml: Add caddy < 2.11.4

www/caddy: Update to 2.11.4 (security)

Changes:
  Security-related patches:
  - caddyhttp: Normalize Windows backslashes in path matcher (thanks
    @Vincent550102)
  - rewrite: Prevent placeholder re-expansion in injected query
    (thanks @WhiskerEnt)
  - templates: Improved stripHTML action to more reliably remove
    malformed HTML (thanks to @jmrcsnchz)
  - caddyhttp: Ignore header fields with underscores to prevent
    collisions (thanks @Vincent550102 for the report and @dunglas for
    the patch)

    NB: These security patches may be breaking if your application
    relies on the buggy behaviors.

  What's Changed:
  - reverseproxy: further prevent body closes from dial errors by

    [35 lines not shown]