4.24
4.23 is not safe when there are multiple disks configured and erasure coding(EC) is using the worker. The worker added a capability to distribute EC shards to different disks to ensure proper shard distribution. However, the volume server fails to loaded the EC shards, because the EC index could be on a different peer disk.
-
Table Buckets and Iceberg Catalog
- test(s3tables): add Apache Doris Iceberg catalog integration test by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9307
- test(s3tables): Unity Catalog OSS integration tests against SeaweedFS by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9308
-
Volume Server
- quiet noisy 'shard X not found' log when EC shard lives on another server by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9316
- fix(balance): don't move remote-tiered volumes; don't fatal on missing .idx by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9335
- fix(volume): don't panic on read when needle map is nil by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9342
- fix(ec): planner treats each (server, disk_id) as a distinct target (#9369) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9371
- volume: require admin auth on ReadAllNeedles and VolumeNeedleStatus by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9437
- volume: require admin auth on BatchDelete by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9438
- fix(volume): don't nuke local data on transient IO error (#9378) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9382
- fix(volume): sticky EIO quarantine; track streamed reads by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9384
- fix(volume): pre-size ParseUpload buffer to request ContentLength by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9421
- perf(volume): stream-count the gzip size when no Content-MD5 is set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9433
- fix(ec): preserve source disk type across EC encoding (#9423) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9449
- fix(ec): skip re-encode when EC shards already exist for the volume (#9448) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9458
- fix(storage): refuse to load .vif-only entry as regular volume when .ecx exists (#9448) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9461
- volume: gate FetchAndWriteNeedle behind admin auth and refuse internal endpoints by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9441
- fix(storage): prune partial EC shards when sibling disk has healthy .dat (#9478) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9480
- fix(volume): seed indexFileOffset in SortedFileNeedleMap so Delete appends by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9483
- fix(ec): make multi-disk same-server EC reads work + full-lifecycle integration test by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9487
- fix(ec): verify full shard set before deleting source volume (#9490) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9493
-
Misc
- fix(volume): add authentication to destructive gRPC admin endpoints by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8876
- chore(weed/mq/kafka/protocol): remove unused functions and variables by @alrs in https://github.com/seaweedfs/seaweedfs/pull/9488
- chore(weed/util/chunk_cache): remove unused functions by @alrs in https://github.com/seaweedfs/seaweedfs/pull/9372
- fix(pb): skip Unix-socket gRPC registration on Windows (#9430) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9434
- chore(weed/util/log_buffer): remove unused functions by @alrs in https://github.com/seaweedfs/seaweedfs/pull/9444
- shell: expose retention flags on mq.topic.configure by @pmiriyev in https://github.com/seaweedfs/seaweedfs/pull/9416
- cluster: restrict Ping RPC to known peers of the requested type by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9445
-
Mini Mode
- fix(mini): raise admin readiness timeout to 2 minutes by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9329
-
S3
- fix(iam): deny IAM users with no policies instead of granting full access by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9317
- fix(s3): add HMAC-SHA256 key commitment to SSE-S3 and SSE-KMS by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8879
- fix(s3): encrypt SSE-S3 KEK at rest with AES-GCM wrapping by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/8880
- feat(iam): STS web-identity AWS-fidelity polish (Phase 1) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9318
- feat(iam): OIDC provider store + read-only IAM API (Phase 2a) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9319
- fix(test/s3/policy): allocate fresh admin port per subtest by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9332
- feat(iam): OIDC provider mutations + multi-client + TLS thumbprints (Phase 2b) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9320
- feat(iam): principal session tags from OIDC tokens (Phase 3a) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9321
- feat(iam): claim-based policy mode for AssumeRoleWithWebIdentity (Phase 3b) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9322
- fix(iam): reject empty issuer in ComputeParentUser by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9326
- feat(iam): account-scoped OIDC providers (Phase 3c) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9323
- feat(iam): opt-in session revocation via JTI blocklist (Phase 3d) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9324
- feat(iam): OIDC provider audit trail (Phase 3e) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9325
- fix(iam): four phase-3 follow-ups (provider scoping, public path wrapper, static mirror, claim-mode RoleArn) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9333
- fix(s3api): cap copy-chunk receive buffer to avoid append-grow blowup by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9420
- fix: cap pool retention so chunk-copy buffers don't hoard memory by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9422
- feat(s3api): stream chunk copy via io.Pipe to cut peak working set by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9424
- feat(s3api): full-chunk gzip pass-through skips volume-side decompress by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9427
- feat(s3): stamp noncurrent_since on versioned demotions by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9431
- fix(s3/audit): emit audit log for successful GET/HEAD by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9467
- fix(s3/versioning): repair dangling latest-version pointer after partial delete by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9460
- feat(s3/versioning): grep-able heal logs + scan-anomaly diagnostics + audit cmd by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9468
-
S3 Lifecycle
- A series of PRs to implement metadata event driven lifecycle enforcement
-
Admin Server and Worker
- fix(admin/view): wrap plugin history URL with basePath by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9341
- Fix UI prefix url encoding by @msk-psp in https://github.com/seaweedfs/seaweedfs/pull/9344
-
FUSE mount
- fix(mount): skip pressure-eviction of gappy page chunks (#9330) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9334
- fix(mount): preserve user-set mtime through async/periodic flush (#9363) by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9370
- fix(mount): fall through to filer when cached dir misses a tracked inode by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9436
-
Shell
- fix(shell): scope volume.fsck filer walk when -volumeId selects one bucketed collection by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9347
-
Master
- fix(master): route ec shard vids to NewEcVids on initial subscribe by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9435
-
Filer
- filer: scope JWT allowed_prefixes to path components by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9439
- filer: require admin-signed JWT on the IAM gRPC service by @chrislusf in https://github.com/seaweedfs/seaweedfs/pull/9442
- @msk-psp made their first contribution in https://github.com/seaweedfs/seaweedfs/pull/9344
Full Changelog: https://github.com/seaweedfs/seaweedfs/compare/4.23...4.24
2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolito
- [
4f780905c5] - crypto: fix potential null pointer dereference when BIO_meth_new() fails (Nora Dossche) #61788 - [
4a09efb947] - crypto: update root certificates to NSS 3.121 (Node.js GitHub Bot) #62485 - [
e4c0d99839] - deps: update timezone to 2026a (Node.js GitHub Bot) #62164 - [
0226c8dd7a] - deps: update simdjson to 4.5.0 (Node.js GitHub Bot) #62382 - [
e742ab748c] - deps: update sqlite to 3.51.3 (Node.js GitHub Bot) #62256 - [
73cac0571a] - deps: update amaro to 1.1.8 (Node.js GitHub Bot) #62151 - [
ae5c162b93] - deps: update amaro to 1.1.7 (Node.js GitHub Bot) #61730 - [
b819cb9977] - deps: update amaro to 1.1.6 (Node.js GitHub Bot) #61603 - [
bbcce09dc7] - deps: update sqlite to 3.52.0 (Node.js GitHub Bot) #62150 - [
22ff2d81ce] - deps: update simdjson to 4.3.1 (Node.js GitHub Bot) #61930 - [
f49b51d75c] - deps: update acorn-walk to 8.3.5 (Node.js GitHub Bot) #61928 - [
1a5cec0d49] - deps: update acorn to 8.16.0 (Node.js GitHub Bot) #61925 - [
d339497688] - deps: update nbytes to 0.1.3 (Node.js GitHub Bot) #61879 - [
3ff8ffd459] - deps: remove stale OpenSSL arch configs (René) #61834 - [
b8ddbc1e9a] - deps: update llhttp to 9.3.1 (Node.js GitHub Bot) #61827 - [
ffda97afd4] - deps: update googletest to 2461743991f9aa53e9a3625eafcbacd81a3c74cd (Node.js GitHub Bot) #62484 - [
79aa32cf4f] - deps: update googletest to 73a63ea05dc8ca29ec1d2c1d66481dd0de1950f1 (Node.js GitHub Bot) #61927 - [
b6957e13b6] - deps: update archs files for openssl-3.5.6 (Node.js GitHub Bot) #62629 - [
3a27669063] - deps: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub Bot) #62629 - [
d568a1bb53] - deps: upgrade npm to 10.9.8 (npm team) #62463 - [
ec11f3c1d5] - deps: V8: backport 85b390089e51 (Thibaud Michaud) #62783 - [
08609712ed] - deps: V8: backport 1b27e4674f11 (Thibaud Michaud) #62783 - [
dcc60d5ab2] - deps: V8: backport 9997fc013952 (Thibaud Michaud) #62783 - [
1d1f4451fb] - deps: V8: cherry-pick b96e40d5ac85 (Clemens Backes) #62783 - [
2268567237] - deps: V8: cherry-pick 7cb6188cf913 (Thibaud Michaud) #62783 - [
92804cdbea] - deps: V8: cherry-pick e7ccf0af1bdd (Thibaud Michaud) #62783 - [
eae2c27a40] - deps: V8: cherry-pick 8e214ec3ec8c (Thibaud Michaud) #62783 - [
a1799a49bb] - deps: V8: backport 63b8849d73ae (Thibaud Michaud) #62783 - [
a2df2d8731] - deps: V8: backport 323942700cfe (Thibaud Michaud) #62783 - [
e3d65c7dca] - deps: V8: backport 89dc6eab605c (Thibaud Michaud) #62783 - [
5e7db133de] - deps: V8: backport 910cb91733dc (Jakob Kummerow) #62783 - [
d0c24a28af] - deps: V8: cherry-pick b8f91e510e0f (Thibaud Michaud) #62783 - [
d358687824] - deps: V8: cherry-pick cf03d55db2a0 (Thibaud Michaud) #62783 - [
67c8b2c349] - deps: V8: cherry-pick 692f3d526a38 (Sébastien Doeraene) #62783 - [
71e5a59ffd] - deps: V8: cherry-pick c734674e03f9 (Manos Koukoutos) #62783 - [
f0dbe81c7b] - deps: V8: cherry-pick b2f3aea23a01 (Thibaud Michaud) #62783 - [
d333f480c3] - deps: V8: cherry-pick 5f1342c20b59 (Matthias Liedtke) #62783 - [
db722725bb] - deps: use npm undici@six tag inupdate-undici.sh(Matteo Collina) #63012 - [
9b57979d9c] - doc: add Rafael to last security release steward (Rafael Gonzaga) #62423 - [
d8075585bf] - doc: add path to vulnerabilities.json mention (Rafael Gonzaga) #62355 - [
6ec9a70204] - doc: clarify fs.ReadStream and fs.WriteStream are not constructable (Kit Dallege) #62208 - [
1fc86fcb6e] - doc: add note (and caveat) formock.moduleabout customization hooks (Jacob Smith) #62075 - [
491be80bd9] - doc: add efekrskl as triager (Efe) #61876 - [
18558293a3] - doc: fix module.stripTypeScriptTypes indentation (René) #61992 - [
8e20976522] - doc: explicitly mention Slack handle (Rafael Gonzaga) #61986 - [
70b8e6b4fb] - doc: rename invalidfunctionparameter (René) #61942 - [
4045c76f6c] - doc: clarify status of feature request issues (Antoine du Hamel) #61505 - [
c54652f2aa] - doc: remove incorrect mention ofmoduleintypescript.md(Rob Palmer) #61839 - [
9fad6cedf5] - doc: clarify async caveats forevents.once()(René) #61572 - [
2f1e5733fe] - doc: update Juan's security steward info (Juan José) #61754 - [
a64bdb5068] - doc: fix overstated Date header requirement in response.sendDate (Kit Dallege) #62206 - [
02797de923] - doc: fix small environment_variables typo (chris) #62279 - [
f22ebdc809] - doc: fix small logic error in DETECT_MODULE_SYNTAX (René) #62025 - [
9f4508062a] - doc: fix methods being documented as properties inprocess.md(Antoine du Hamel) #61765 - [
3ea39ff135] - doc: fix dropdown menu being obscured at <600px due to stacking context (Jeff) #61735 - [
c22445079b] - doc: fix spacing in process message event (Aviv Keller) #61756 - [
32831b5223] - doc: fix broken links of net.md (YuSheng Chen) #61673 - [
005508d509] - doc: remove obsolete Boxstarter automated install (Mike McCready) #61785 - [
37c2fd6f7d] - esm: fix path normalization infinalizeResolution(Antoine du Hamel) #62080 - [
1769d74613] - esm: populate separate cache for require(esm) in imported CJS (Joyee Cheung) #59679 - [
ee02966ffc] - http: fix keep-alive socket reuse race in requestOnFinish (Martin Slota) #61710 - [
2fdb5ce6cc] - http2: fix FileHandle leak in respondWithFile (sangwook) #61707 - [
aa2c1eca04] - lib: fix source map url parse in dynamic imports (Chengzhong Wu) #61990 - [
785b00cbeb] - meta: pass release version to release worker (flakey5) #62777 - [
447fb9a0b5] - meta: persist sccache daemon until end of build workflows (René) #61639 - [
5065a0acb3] - module: do not invoke resolve hooks twice for imported cjs (Joyee Cheung) #61529 - [
9a2e21305d] - module: do not wrap module._load when tracing is not enabled (Joyee Cheung) #61479 - [
b9240bc063] - module: fix sync resolve hooks for require with node: prefixes (Joyee Cheung) #61088 - [
2e91b28aaf] - module: handle null source from async loader hooks in sync hooks (Joyee Cheung) #59929 - [
39147c154e] - module: use sync cjs when importing cts (Marco Ippolito) #60072 - [
12a2462b2c] - module: only put directly require-d ESM into require.cache (Joyee Cheung) #59874 - [
cf39566277] - src: fix flags argument offset in JSUdpWrap (Weixie Cui) #61948 - [
578a9a9230] - src: clamp WriteUtf8 capacity to INT_MAX in EncodeInto (semimikoh) #62621 - [
57c3035fec] - stream: fix decoded fromList chunk boundary check (Thomas Watson) #61884 - [
57fb008bb8] - test: update tls junk data error expectations (Filip Skokan) #62629 - [
363f9a9d18] - test: skiptest-urlon--shared-adabuilds (Antoine du Hamel) #62019 - [
daaead342b] - test: simplify encodeInto large buffer regression test (semimikoh) #62621 - [
ecfa766b41] - tools: fix auto-start-ci (Antoine du Hamel) #61900 - [
17c0a610af] - tools: fix parsing of commit trailers inlint-release-proposalGHA (Antoine du Hamel) #62077 - [
89ad7dc63b] - tools: enforce removal oflts-watch-*labels on release proposals (Antoine du Hamel) #61672 - [
5f9bb8ef0c] - tools: revert tools GHA workflow to ubuntu-latest (Richard Lau) #62024 - [
977ef80ac1] - url: process crash via malformed UNC hostname in pathToFileURL() (Nicola Del Gobbo) #62574 - [
ad8f518a81] - zlib: fix use-after-free when reset() is called during write (Matteo Collina) #62325
release-1.30.1
nginx-1.30.1 stable version has been released with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701).
See official CHANGES-1.30 on nginx.org.
Below is a release summary generated by GitHub.
- nginx-1.30.1-RELEASE by @pluknet in https://github.com/nginx/nginx/pull/1351
Full Changelog: https://github.com/nginx/nginx/compare/release-1.30.0...release-1.30.1
release-1.31.0
nginx-1.31.0 mainline version has been released with fixes for HTTP/2 request injection vulnerability in the ngx_http_proxy_module (CVE-2026-42926), buffer overflow vulnerability in the ngx_http_rewrite_module (CVE-2026-42945), buffer overread vulnerabilities in the ngx_http_scgi_module and ngx_http_uwsgi_module (CVE-2026-42946), buffer overread vulnerability in the ngx_http_charset_module (CVE-2026-42934), address spoofing vulnerability in HTTP/3 (CVE-2026-40460), and use-after-free vulnerability in OCSP requests to resolver (CVE-2026-40701). Additionally, the release features support for HTTP forward proxy.
See official CHANGES on nginx.org.
Below is a release summary generated by GitHub.
- GH: add a workflow to check for the 'version bump' commit by @ac000 in https://github.com/nginx/nginx/pull/1240
- Connection specific headers by @arut in https://github.com/nginx/nginx/pull/1257
- Updated OpenSSL used for win32 builds. by @pluknet in https://github.com/nginx/nginx/pull/1269
- SSL: logging level fixes. by @bavshin-f5 in https://github.com/nginx/nginx/pull/1258
- Changes in ngx_quic_cbs_recv_rcd() by @pluknet in https://github.com/nginx/nginx/pull/1279
- SSL: log SSL_R_RECORD_LAYER_FAILURE at info level by @Smeet23 in https://github.com/nginx/nginx/pull/1267
- Restrict duplicate TE headers in HTTP/2 and HTTP/3. by @arut in https://github.com/nginx/nginx/pull/1275
- HTTP/3: optimize encoder stream memory usage by @arut in https://github.com/nginx/nginx/pull/1274
- Stream: support ALPN for proxy_ssl upstream. by @VadimZhestikov in https://github.com/nginx/nginx/pull/1109
- Prevent Undefined Behaviour in memcpy(3) via ngx_init_cycle() by @ac000 in https://github.com/nginx/nginx/pull/1082
- GH: Add various bits of GitHub automation by @ac000 in https://github.com/nginx/nginx/pull/1172
- Configure: added synonym for the upstream sticky module option by @hyuan-netizen in https://github.com/nginx/nginx/pull/1292
- Stream: evaluate proxy_ssl_alpn once by @pluknet in https://github.com/nginx/nginx/pull/1304
- Request body: fixed empty body buffering special case. by @pluknet in https://github.com/nginx/nginx/pull/977
- Configure: fix gcc version detection in some corner cases by @ac000 in https://github.com/nginx/nginx/pull/1305
- Upstream: least_time load balancing for HTTP and stream. by @saikrishnakumarreddy in https://github.com/nginx/nginx/pull/1306
- Dav: improved path validation for COPY and MOVE operations by @saikrishnakumarreddy in https://github.com/nginx/nginx/pull/1307
- Proxy: fix keepalive for HTTP/2 when no body is specified by @arut in https://github.com/nginx/nginx/pull/1314
- GH: update the stale PR/issue workflow by @ac000 in https://github.com/nginx/nginx/pull/1315
- HTTP CONNECT proxy. by @arut in https://github.com/nginx/nginx/pull/707
- Reject HTTP CONNECT method with no port after colon by @pluknet in https://github.com/nginx/nginx/pull/1335
- GH: set new issues creation date by @ac000 in https://github.com/nginx/nginx/pull/1272
- nginx-1.31.0-RELEASE by @pluknet in https://github.com/nginx/nginx/pull/1350
- @Smeet23 made their first contribution in https://github.com/nginx/nginx/pull/1267
- @hyuan-netizen made their first contribution in https://github.com/nginx/nginx/pull/1292
- @saikrishnakumarreddy made their first contribution in https://github.com/nginx/nginx/pull/1306
Full Changelog: https://github.com/nginx/nginx/compare/release-1.29.8...release-1.31.0
13.0.1+security-01
Download page What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
12.4.3+security-02
Download page What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
v1.43.1
Meilisearch v1.43.1 contains a security fix for an authenticated SSRF vulnerability.
No exploitation was found on Meilisearch Cloud. Cloud users are not required to update.
We recommend that self-hosting users upgrade if they allow third parties to configure Meilisearch instances.
We thank Sion Park (@tldhs1144), who reported the issue and suggested a fix, for improving the security of Meilisearch ❤️
12.3.6+security-04
Download page What's new highlights
- Alerting: Fix error when updating Alertmanager config with autogenerated receivers #113712, @moustafab
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
12.2.8+security-04
Download page What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380
11.6.14+security-04
Download page What's new highlights
- Security: CVE-2026-28374
- Security: CVE-2026-28376
- Security: CVE-2026-28383
- Security: CVE-2026-28380
- Security: CVE-2026-33376
- Security: CVE-2026-28379
- Security: CVE-2026-33377
- Security: CVE-2026-33378
- Security: CVE-2026-33381
- Security: CVE-2026-33380