Composer 2.9.8 and 2.2.28 fix GitHub Actions token disclosure in error messages

Please immediately update Composer to version 2.9.8 or 2.2.28 (LTS) by running composer.phar self-update. The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKENs or GitHub App installation tokens to the GitHub Actions logs. GitHub introduced a

Private Packagist

🚀 Mastodon releases version 4.5.1

• 🔧 Cmd/Ctrl + Enter now correctly submits the alt-text modal.
• 🔧 Posts from public/hashtag streaming are no longer incorrectly marked as not quoted.
• 🔧 Fixed an issue where old posts were incorrectly treated as new.

https://github.com/mastodon/mastodon/releases/tag/v4.5.1

#Mastodon #PatchRelease #Update #Ruby #PostgreSQL #Elasticsearch #Redis #Nodejs

Release v4.5.1 · mastodon/mastodon

This is a patch release for 4.5. Check out the 4.5.0 release notes for information. For a user-focused highlight of these changes, see https://blog.joinmastodon.org/2025/11/mastodon-4.5/ Changelog ...

GitHub

🛠️ Home Assistant 2025.9.4 is out. A small weekend patch and the final one in the 2025.9 cycle.

Next up: beta for 2025.10 starts next week.

Have a great weekend and happy automating 🤖

#HomeAssistant #SmartHome #OpenSource #PatchRelease #Automation

Critical vulnerability in Google's Gemini CLI tool uncovered, posing risks to developers. Upgrade now! #GeminiCLI #Cybersecurity #PatchRelease https://redoracle.com/News/Uncovering-Gemini-CLI-Vulnerability.html
Uncovering Gemini CLI Vulnerability

Introduction: A critical vulnerability in Google's Gemini CLI tool has been uncovered, allowing hackers to execute hidden malicious commands on developer systems. This flaw...

RedOracle

🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

OpenProject 15.4.2

Open source project management software for classic, agile or hybrid project management: task management✓ Gantt charts✓ boards✓ team collaboration✓ time and cost reporting✓ FREE trial!

OpenProject.org

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

OpenProject 15.4.1

Open source project management software for classic, agile or hybrid project management: task management✓ Gantt charts✓ boards✓ team collaboration✓ time and cost reporting✓ FREE trial!

OpenProject.org

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

  • GitLab Community Edition (CE)
  • GitLab Enterprise Edition (EE): all versions starting from 7.8 before 16.9.6; all versions starting from 16.10 before 16.10.4; all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

GitLab Patch Release: 16.11.1, 16.10.4, 16.9.6

Learn more about GitLab Patch Release: 16.11.1, 16.10.4, 16.9.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease

Crystal 1.10.1 is released!

We are announcing a new patch release of the Crystal 1.10 series with three bugfixes.

The Crystal Programming Language