Fedora Linux 8637 Published by

A caddy security update has been released for Fedora 38.

[SECURITY] Fedora 38 Update: caddy-2.6.4-1.fc38

Fedora Update Notification
2023-08-27 00:43:04.628032

Name : caddy
Product : Fedora 38
Version : 2.6.4
Release : 1.fc38
URL : https://caddyserver.com
Summary : Web server with automatic HTTPS
Description :
Caddy is the web server with automatic HTTPS.

Update Information:

This update takes caddy from 2.5.2 to 2.6.4. The primary purpose is to resolve
a long standing FTBFS related to golang 1.20. The current F38 package is
actually a carried-foward F37 build because of that reason. It also resolves
CVE-2022-41721. This is a fairly significant upgrade with lots of new features
and fixes, but after reviewing the upstream release notes I believe it should
comply with the Fedora updates policy. The upgrade warnings in the release
notes are described as either backwards compatible, marking a directive as
deprecated without removing it, or changes to features that are marked as
experimental. - https://github.com/caddyserver/caddy/releases/tag/v2.6.0 -
https://github.com/caddyserver/caddy/releases/tag/v2.6.1 -
https://github.com/caddyserver/caddy/releases/tag/v2.6.2 -
https://github.com/caddyserver/caddy/releases/tag/v2.6.3 -

* Tue Aug 15 2023 Carl George [carlwgeorge@fedoraproject.org] - 2.6.4-1
- Update to version 2.6.4
- Add man pages
- Use generated shell completion files instead of static ones
- Add fish shell completions
* Wed Jul 19 2023 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jan 24 2023 Carl George [carl@george.computer] - 2.5.2-3
- Rebuild for CVE-2022-41717 in golang
* Wed Jan 18 2023 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[ 1 ] Bug #2171455 - caddy: FTBFS in Fedora rawhide/f38
[ 2 ] Bug #2232707 - CVE-2022-41721 caddy: x/net/http2/h2c: request smuggling [fedora-38]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-74e5545901' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at