mirror of
https://github.com/openwrt/packages.git
synced 2026-04-15 10:51:55 +00:00
3d5f717b7a
This is a security release. Notable Changes * (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High * (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High * (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium * (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium * (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium * (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low * (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>