
Release 1.6.12
 * Support IPv6 in database DSN (#9937)
 * Don’t force specific error_reporting setting
 * Fix compatibility with PHP 8.5 regarding array_first()
 * Remove X-XSS-Protection example from .htaccess file (#9875)

Update to 1.22.0

Backport fix for CVE-2025-11021.

Backport fix for CVE-2025-12084.

Update to glib-2.84.4 and backport fixes for CVE-2025-13601, CVE-2025-14087 and CVE-2025-14512.

Backport fix for CVE-2025-11021.

Update to pgadmin-9.11, fixes CVE-2025-13780.

Fixes CVE-2025-58188, unretire package and update to 3.8.2.

Multiple security issues were discovered in the Rails web framework which could result in command injection or logging of unescaped ANSI sequences. For the oldstable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u2.

Multiple security issues were discovered in the WordPress blogging tool, which could result in cross-site scripting or information disclosure. For the stable distribution (trixie), these problems have been fixed in version 6.8.3+dfsg1-0+deb13u1. We recommend that you upgrade your wordpress packages.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 143.0.7499.169-1~deb12u1.

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service or memory disclosure. For the stable distribution (trixie), these problems have been fixed in version 8.4.16-1~deb13u1.

Update to uriparser-1.0.0, fixes CVE-2025-67899.

 * fix setpwnam() buffer use [CVE-2025-14104]
 * libblkid: use snprintf() instead of sprintf()

Update to 0.2.8

Update to 143.0.7499.146
 * High CVE-2025-14765: Use after free in WebGPU
 * High CVE-2025-14766: Out of bounds read and write in V8
 * Force dark mode when auto dark mode web content is on

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability via the animate tag in an SVG document and an information disclosure vulnerability in the HTML style sanitizer. For the oldstable distribution (bookworm), these problems have been fixed

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, missing rate limiting or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 1:1.39.17-1~deb12u1.

“Turistu” discovered that incorrect permission handling in the Dropbear SSH server could result in privilege escalation. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 2025.89-1~deb13u1.

As 2025 draws to a close, we want to celebrate the incredible milestones we’ve achieved this year together with you, our invaluable community. From exciting new integrations and AI-driven tools to security, performance, and usability enhancements, Plesk continues to evolve to make hosting simpler, faster, and more efficient for our users: agencies, developers, sysadmins, and […]

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

Several security issues were fixed in the Linux kernel.

It was discovered that c-ares, a library that performs DNS requests and name resolution asynchronously, does not properly handle termination of queries which may result in denial of service. For the stable distribution (trixie), this problem has been fixed in version 1.34.5-1+deb13u1.

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-14174 Apple and the Google Threat Analysis Group discovered that processing maliciously crafted web content may lead to memory

Update brotli to 1.2.0. This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to “decompression bombs,” such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.

 * fix possible issue reported by OSH 2.4.16 (fedora#2417970)
 * rebuild due binutils bug (fedora#2418285)
 * fix division by zero crash in pstops (fedora#2415396)

Update logrus for https://access.redhat.com/security/cve/cve-2025-65637