openSUSE-SU-2022:10007-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10007-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10007-1
Published
2022-06-10T18:01:10Z
Modified
2022-06-10T18:01:10Z
Summary
Security update for caddy
Details

This update for caddy fixes the following issues:

Update to version 2.5.1:

  • Fixed regression in Unix socket admin endpoints.
  • Fixed regression in caddy trust commands.
  • Hash-based load balancing policies (iphash, urihash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency.
  • Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time.
  • Caddy will automatically try to get relevant certificates from the local Tailscale instance.
  • New OpenTelemetry integration.
  • Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for getting information about Caddy's managed CAs.
  • Rename _caddy to zsh-completion
  • Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]

Affected packages

SUSE:Package Hub 15 SP4 / caddy

Package

Name
caddy
Purl
pkg:rpm/suse/caddy&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.1-bp154.2.5.1

Ecosystem specific

{
    "binaries": [
        {
            "caddy": "2.5.1-bp154.2.5.1"
        }
    ]
}

openSUSE:Leap 15.4 / caddy

Package

Name
caddy
Purl
pkg:rpm/opensuse/caddy&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.1-bp154.2.5.1

Ecosystem specific

{
    "binaries": [
        {
            "caddy": "2.5.1-bp154.2.5.1"
        }
    ]
}