|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2026-03599f0b32 (cpp-httplib)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 44 Update: cpp-httplib-0.38.0-1.fc44


Date:
              Tue, 31 Mar 2026 14:47:42 +0000


Message-ID:
              <20260331144742.F06BC795B4@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-03599f0b32
2026-03-31 14:46:13.737745+00:00
--------------------------------------------------------------------------------

Name        : cpp-httplib
Product     : Fedora 44
Version     : 0.38.0
Release     : 1.fc44
URL         : https://github.com/yhirose/cpp-httplib
Summary     : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

--------------------------------------------------------------------------------
Update Information:

Update to 0.38.0 (rhbz#2447261)
Filename sanitization for path traversal prevention — Added sanitize_filename()
to prevent path traversal attacks via malicious filenames in multipart uploads
(83e98a2)
Symlink protection in static file server — Static file serving now detects and
rejects symlinks that point outside the mount directory, preventing symlink-
based directory traversal (f787f31)
Brotli compression support — Added Brotli (br) as a supported content encoding
alongside gzip and deflate (ec1ffbc)
Accept-Encoding quality parameter parsing — The server now parses q= quality
values in the Accept-Encoding header and selects the best encoding accordingly
(bb7c7ab)
SSL proxy connection support — SSLClient can now establish connections through
HTTPS proxies, with a new setup_proxy_connection method for cleaner proxy
handling (f6ed5fc, b1bb2b7)
WebSocket ping interval runtime configuration — WebSocket ping interval can now
be configured at runtime instead of only at compile time (257b266)
Benchmark test suite — Added benchmark tests and configurations for performance
evaluation (ba0d0b8)
Unicode path component decoding tests — Added test coverage for Unicode
characters in decode_path_component (43a54a3)
Documentation updates — Enhanced TLS backend documentation with platform-
specific certificate handling details; clarified progress callback usage and
user data handling in examples (511e3ef, 2e61fd3)
Fix port conflict in test — Fixed port number in
OpenStreamMalformedContentLength test to avoid conflicts (4978f26)
Removed large data tests for GzipDecompressor and SSLClientServerTest that
caused memory issues (5ecba74, 69d468f)
Enabled BindDualStack test (69d468f)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.38.0
Fixes silent TLS certificate verification bypass on HTTPS Redirect via
proxy (CVE-2026-32627, rhbz#2448105)
Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 17 2026 Petr Menšík <pemensik@redhat.com> - 0.38.0-1
- Update to 0.38.0 (rhbz#2447261)
* Tue Mar 17 2026 Petr Menšík <pemensik@redhat.com> - 0.37.2-1
- Update to 0.37.2
- Fixes silent TLS certificate verification bypass on HTTPS Redirect via
  proxy (CVE-2026-32627, rhbz#2448105)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2447261 - cpp-httplib-0.38.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2447261
  [ 2 ] Bug #2448105 - CVE-2026-32627 cpp-httplib: silent TLS certificate verification bypass on
HTTPS Redirect via proxy [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2448105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-03599f0b32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds