SUSE 5703 Published by

SUSE released a coordinated batch of security patches to address critical vulnerabilities across core system libraries and developer tools. The updates target foundational packages including dracut, systemd, glib-networking, and python-maturin, while also securing openQA, transmission, Go 1.25, and the Linux kernel development files. Each announcement details specific CVE identifiers, with severe risks ranging from remote code execution in network scripts to certificate validation failures and container escape exploits.

SUSE-SU-2026:2803-1: important: Security update for dracut
openSUSE-SU-2026:0235-1: moderate: Security update for openQA, os-autoinst
openSUSE-SU-2026:0237-1: moderate: Security update for transmission
SUSE-SU-2026:2809-1: moderate: Security update for systemd
SUSE-SU-2026:2810-1: moderate: Security update for glib-networking
SUSE-SU-2026:2811-1: important: Security update for python-maturin
openSUSE-SU-2026:11213-1: moderate: dirmngr-2.5.21-1.1 on GA media
openSUSE-SU-2026:11212-1: moderate: go1.25-1.25.12-1.1 on GA media
openSUSE-SU-2026:11214-1: moderate: kernel-devel-7.1.3-1.1 on GA media
openSUSE-SU-2026:11211-1: moderate: fluidsynth-2.5.6-1.1 on GA media
openSUSE-SU-2026:11206-1: moderate: sccache-0.16.0~0-2.1 on GA media
openSUSE-SU-2026:11205-1: moderate: rustup-1.28.2~0-4.1 on GA media
openSUSE-SU-2026:11210-1: moderate: cargo-c-0.10.23-1.1 on GA media




SUSE-SU-2026:2803-1: important: Security update for dracut


# Security update for dracut

Announcement ID: SUSE-SU-2026:2803-1
Release Date: 2026-07-08T19:31:32Z
Rating: important
References:

* bsc#1268322

Cross-References:

* CVE-2026-6893

CVSS scores:

* CVE-2026-6893 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for dracut fixes the following issue

* CVE-2026-6893: Root code execution via DHCP options command injection
(bsc#1268322).

Changes for dracut:

* Update to version 059+suse.565.g682306ec5:
* fix(network-legacy): sanitize DHCP values in dhclient-script.sh
(bsc#1268322, CVE-2026-6893)
* fix(network-legacy): add input validation to RFC 3442 route parser

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2803=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2803=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2803=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2803=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* dracut-tools-059+suse.565.g682306ec5-150600.3.29.1
* dracut-extra-059+suse.565.g682306ec5-150600.3.29.1
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1
* dracut-mkinitrd-deprecated-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (ppc64le x86_64)
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-mkinitrd-deprecated-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322



openSUSE-SU-2026:0235-1: moderate: Security update for openQA, os-autoinst


openSUSE Security Update: Security update for openQA, os-autoinst
_______________________________

Announcement ID: openSUSE-SU-2026:0235-1
Rating: moderate
References: #1244139 #1245378 #1245379 #1257852 #1258632
#1259005 #1264376
Cross-References: CVE-2026-25547
CVSS scores:
CVE-2026-25547 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves one vulnerability and has 6 fixes is
now available.

Description:

This update for openQA, os-autoinst fixes the following issues:

Changes in openQA:
- Update to version 5.1782486535.1bf71ec4:
* fix(details view): Align video link the same as the bugref actions
* fix: Correct call to console.error

- Update to version 5.1782295118.57cb8aa0:
* chore(deps): Dependency cron 2026-06-24
* feat: Don't rewrite history for test result tabs
* chore(deps): Dependency cron 2026-06-23

- Update to version 5.1782133597.39cd80e0:
* refactor: Calculate module category headings in frontend
* chore(deps): Dependency cron 2026-06-20
* test: Make parallel execution of the fullstack test more reliable
* ci: disable Mergify interactive queue controls in PR comments
* feat(worker): enable direct execution with podman
* fix(worker): add --init and --rm flags for containerized engine
* feat(worker): support containerized os-autoinst worker engine
* test: refactor archive download tests for maintainability
* feat: implement category-specific ZIP downloads for jobs
* chore(deps): Dependency cron 2026-06-19

- Update to version 5.1781832185.5ddf5343:
* fix: fix user namespace mapping errors in podman
* chore(mergify): Update the number of required checks
* fix: use webui cache for download all archives
* chore(deps): Dependency cron 2026-06-18
* refactor: Extract changing prio and computing sign
* fix: Fix typos in `t/api/04-jobs.t` and `t/config.t`
* feat: Throttle jobs not using Git-URL as `CASEDIR`
* ci: Change repo paths for SLE-15-SP7 in consistency with os-autoinst
* fix: Avoid unresolvable openQA-devel-test package for SLE-SP7
* feat: improve detection of unexpanded variables in clone-job
* feat: support expanding variables in openqa-clone-job

- Update to version 5.1781712973.4c20e5c1:
* test: make search API tests robust
* fix: resolve openqa-llm-server crash on startup
* chore(deps): Dependency cron 2026-06-17
* feat: Improve job archive generation efficiency and UI
* feat: Efficiently serve job archives via web server redirect
* feat: Add 'Download All' ZIP archive button to job downloads page

- Update to version 5.1781621316.6d025b35:
* refactor: set clean monikers for Mojo services
* feat: use encrypted session cookies
* chore(deps): Dependency cron 2026-06-13
* docs: Mention how to enable UEFI and recently added variables
* docs: fix broken badge syntax in README.md
* feat(apparmor): add current worker profile as generated by aa-logprof
* feat(apparmor): add current worker requirements in /proc and /sys
* chore(deps): Dependency cron 2026-06-12
* git subrepo pull (merge) external/os-autoinst-common
* docs: Fix wrapping in "Job Priority Throttling" section
* fix(apparmor): Allow worker profile to use virt-fw-vars
* fix(livelog): Prevent timeouts due to nginx buffering
* fix: avoid initial delay when replying from livestream
* chore(deps): Dependency cron 2026-06-10
* chore(deps): Dependency cron 2026-06-09
* test: Skip earlier in tests_dependencies.t
* fix: Use reload-or-restart for openQA auto restart worker slots
* fix: Update codecov orb to latest version 6.0.0 fixing PGP error
* chore(deps): Dependency cron 2026-06-06
* fix: Support invent.kde.org and 'work_items' in bug URL handling
* ci(mergify): prevent annoying conflict messages
* docs: Rewrite medium version globbing in more user-facing style
* docs: Mention globbing in "Spawning multiple jobs ???" and "Medium
types"
* feat(scheduling): Allow globbing in version specifications
* fix: Set correct settings for scheduling example test
* refactor: Fix comment regarding `test_preset` INI section

- Update to version 5.1780561853.63760953:
* fix(rpm): eliminate systemd on-disk warnings during worker upgrade
* chore(deps): Dependency cron 2026-06-04
* ci: Run OBS scm checks only for master branch
* fix(systemd): activate inactive workers and reload active ones safely
* chore(deps): Dependency cron 2026-06-03
* test(full-stack): remove redundant ISO size check to be flexible

- Update to version 5.1780410522.ad58d974:
* feat(tests): enable parallel-safe fullstack and developer mode tests
* fix: ignore transient 'database is locked' errors in cache service
* git subrepo pull (merge) --force external/os-autoinst-common
* Revert "fix: avoid permission denied on cgroup creation for v2"
* feat: add run-test-env target to start all local services
* fix: add functional API keys for local test environment
* fix: use absolute paths for local test environment
* feat: Improve CLI retry error feedback with detailed messages
* fix: avoid permission denied on cgroup creation for v2
* ci: Auto-import keys to avoid interactive prompt for devel_openQA
* docs: require atomic commits in agent guidelines
* fix: include file paths in worker logging errors
* chore(AGENTS.md): add rules for ensuring valid commits
* fix: only report job limit in UI when globally reached
* docs: Clarify wording in "Spawning multiple jobs ???"
* docs: Fix wrapping in "Medium Types" section
* docs: Fix wrapping and use of blank lines in "Spawning multiple jobs
???"

- Update to version 5.1780322162.c1836389:
* refactor: Use more readable regex in `process-docs`
* refactor: Turn `process-docs` into proper style-checked Perl script
* feat: Add Makefile target to tidy Shell code
* docs: Fix links in documentation generated via `generate-docs`
* fix(openqa-clone-job): Allow empty API key/secret for auth.method=None
* fix(spec): Supplement bash-completion subpackage against
bash-completion
* docs: Fix broken list under "Further systemd ???" and wrap consistently
* docs: Fix example config for `git_auto_commit`
* docs: Wrap lines consistently under "Terms and variables ???"
* docs: Fix wrapping in "Triggering tests ???" section and below
* docs: Remove Git conflict markers that were missed by b51c609679
* feat: watch worker auto-restart systemd drop-ins for reloads

- Update to version 5.1779808735.8c9bd805:
* docs: Fix link to "Conducting tests" section
* refactor: Use Feature::Compat::Try consistently
* ci: Build packages for SLE 15 SP7 instead of SP6 which reached EOL
* ci: Remove package builds for Leap 15.6 as it reached EOL
* fix: make TESTS selection work again (regression from cd76f31f3)
* feat: add Nginx proxy template for local LLM load balancing
* feat: add openQA-llm-server sub-package for local LLM support
* feat(pyproject): Streamline summary with spec file
* fix: Fix wording in summary of rpm package
* feat: Apply formatting of Python code also to documentation snippets
* feat: Change `openqa-label-all` to satisfy ruff checks
* test: Add target to run format Python code
* test: Add targets to run static Python checks
* feat: Add `pyproject.toml` as in other repositories
* feat(needle-editor): Validate that there is at least one match area
* docs: Reference "Asset handling" section directly
* fix: Fix some wrong uses of "check out"
* docs: Fix broken references in further places
* docs: Fix wrapping in section about importing production data
* docs: Fix broken references in several documentation files
* test(isos post): Assert behavior when specifying parameters twice
* refactor(isos post): Use `$validation` consistently
* fix(spec): add RPM Group tag to all subpackages
* style: Include core perlcritic rules as well
* fix: resolve 'Too many open files' by clearing AssetPack FD cache
* fix: work around DBD::Pg bug regarding INSERT ON CONFLICT row count
* refactor: Remove superfluous Test::MockModule instance
* refactor: Use a hash instead of string eval
* refactor: Use Syntax::Keyword::Try instead of eval
* style: Enforce perlcritic policies regarding eval
* fix: allow worker to start without API keys
* refactor: Split scheduler tests to avoid failing complexity check
* feat: Distinguish parallel jobs in info when cluster cannot be assigned
* fix: Reword misleading message about "incomplete parallel cluster"
* fix(docs): remove zero-length draw.io marker file
* fix(branding): add placeholder content to empty sponsorbox template
* test: fix "Too many open files" in t/api/03-auth.t
* fix: fix security vulnerability in Auth::check and minor typo
* test: fix hmac_sha1_sum calculation in auth tests
* docs: fix typo in Auth controller
* refactor: use DEFAULT_ADMIN constant for admin username
* feat: switch bootstrap to 'None' authentication provider
* fix(packaging): avoid repeating package name in Summary
* fix(packaging): replace obsolete packageand() with boolean Supplements
* fix(build): install openqa-cli.yaml without executable bit
* style: Enforce perlcritic policy Community::EmptyReturn
* ci: Remove `perl-TAP-Harness-JUnit` from devel container again
* ci: Use distinct container introduced by f33029623
* chore: Use ` https://download.opensuse.org` consistently
* feat(worker): Pass reason to web UI when skipping job due to self-check
* feat(worker): Prevent skipping directly chained jobs due to self-checks
* fix(build): add executable bit to dbicdh migration scripts
* refactor: Remove @EXPORT and add %EXPORT_TAGS
* refactor: Move @EXPORT to @EXPORT_OK
* refactor: Remove unused var @EXPORT
* style: Add no critic
* style: Enforce perlcritic policy ProhibitAutomaticExportation
* refactor: Remove non-existing functions from export list
* feat: Require Perl::Critic >= 1.156.0
* style: Enforce perlcritic policy Subroutines::ProhibitManyArgs
* feat: support configurable secrets hiding in UI and API
* chore(deps): Dependency cron 2026-05-16
* chore(deps): Dependency cron 2026-05-15
* chore(deps): Dependency cron 2026-05-14
* refactor(create_admin): switch to Getopt::Long::Descriptive
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitUniversalIsa
* test: Prevent unhandled output after b278ab6dfd3
* style: Enforce perlcritic policy regarding open()
* ci: Add distinct container image for CI
* style: Enforce perlcritic policy Subroutines::ProhibitReturnSort
* style: Enforce perlcritic policy ProhibitReadlineInForLoop
* style: Enforce perlcritic policy Community::POSIXImports
* style: Enforce perlcritic policy ClassHierarchies::ProhibitOneArgBless
* chore(deps): Dependency cron 2026-05-13
* fix: parse URL-derived settings for cloned jobs
* style: Enforce perlcritic policy
TestingAndDebugging::ProhibitNoWarnings
* ci(dependabot): apply deps update cooldown to prevent PR fatigue
* refactor: Improve global variables in SeleniumTest
* style: Enforce perlcritic policy Variables::ProhibitPackageVars
* style: Enforce perlcritic policy Community::ConditionalImplicitReturn
* test: Add `python3-ruff` for static checks of Python scripts
* style: Enforce perlcritic policy CodeLayout::ProhibitHardTabs
* test(worker-engine): Cover all lines of `set_engine_exec`
* chore(ci): Avoid running into authenticity error
* chore(ci): Allow running caching jobs in parallel
* chore(ci): Log installed rpm packages after removing explicit tracking
* chore(ci): Simplify CI runtime using devel container image
* chore(Makefile): Avoid depending on the `which` utility
* fix(apparmor): allow /usr/bin/getopt needed for os-autoinst-scripts
* style: Enforce perlcritic policy ProhibitConditionalUseStatements
* style: Enforce perlcritic policy Subroutines::ProhibitExcessComplexity
* style: enforce perlcritic policy ProhibitCascadingIfElse
* perf(cleanup): replace N+1 per-group queries with single batch query
* style: Enforce perlcritic ProhibitQuotesAsQuotelikeOperatorDelimiters
* style: Enforce perlcritic policy RequirePackageMatchesPodName
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitUselessTopic
* feat(api): filter job statistics by group globs
* test: stabilize test_containers_compose
* test: use IfNotPresent pull policy for postgres init container
* fix(tools): handle pandoc TeX math misinterpretation in API docs
* fix(docs): link to the correct cleanup section
* style: Enforce perlcritic policy Miscellanea::ProhibitUselessNoCritic
* style: Rewrite some for loops in foreach style
* style: Enforce erlcritic policy Modules::ProhibitExcessMainComplexity
* feat(cli): generate shell completions from openqa-cli.yaml
* fix(test overview): Bring query for "Aborted" in-line with accounting
* chore(deps): Dependency cron 2026-05-11
* ci: fix "conflicts with file" problems
* fix: update fast-uri to address security vulnerabilities (boo#1264376)
* docs: Fix wrapping in users guide after Markdown conversion
* feat: add scheduling skip reasons to the webUI

- Update to version 5.1778257070.d9915684:
* docs: show document levels in generated TOC
* feat(search): Add link to job in job modules search
* feat(test overview): Make "Job result/state" in filter form clickable
* test(test overview): Test filtering for "None"
* fix(test overview): Bring query for "None" in-line with accounting
* feat(test overview): Improve accounting for certain states
* feat(test overview): Add distinct counter/button for canceled jobs

- Update to version 5.1778239460.4b750ff3:
* feat(search): Add job id to search results response

- Update to version 5.1778134320.e889287c:
* test: simplify postgres healthcheck in docker-compose
* fix: correctly handle MOJO_CLIENT_DEBUG in Helm chart
* test: add yamale and yamllint to test_helm_chart dependencies
* test: fail early in test_helm_chart if dependencies are missing
* test: use isolated environment for helm chart tests
* test: serialize helm chart test execution
* refactor: Remove superfluous line in script usage
* style: Enforce perlcritic policy Subroutines::RequireArgUnpacking
* fix: ktap: ignore selftest status comments
* fix(apparmor): allow write to /dev/tty necessary for Leap 16
* chore(spec): Exclude devel sub package from builds for Leap < 16
* ci: Ensure all required dependencies are part of the devel container
* fix(apparmor): allow further paths for 16.x

- Update to version 5.1777995277.b985bea2:
* style: Enforce perlcritic policy Variables::ProtectPrivateVars
* fix(docs): Fix links to documentation after converting to Markdown
* docs: fix broken references to former .asciidoc files
* docs: Fix wrapping list of directories after Markdown migration
* docs: Improve documentation of `git_auto_clone` feature
* docs: Make remark about worker cache service clearer using a comma
* docs: Fix casing of Git in the section about setting up Git support
* feat: Include log in IPA results
* feat: enhance dynamic job limit with fast ramp-up

- Update to version 5.1777888278.38a3a85c:
* style: Enforce perlcritic policy ProhibitUselessTopic
* style: Enforce perlcritic policy BuiltinFunctions::RequireBlockGrep

- Update to version 5.1777617029.fd9e1e69:
* style: Enforce perlcritic policy ProhibitSingleCharAlternation
* fix(apparmor): Add jsonnet to worker profile
* style: Enforce perlcritic policy CodeLayout::ProhibitQuotedWordLists
* style: Enforce perlcritic policy RequireNumberSeparators
* build(deps-dev): bump eslint from 10.1.0 to 10.2.1
* style: Enforce perlcritic policy Variables::ProhibitUnusedVariables
* feat: Ensure temporary directory exists when caching assets
* fix(docs): fix mobile view rendering by ensuring CSS override
* chore(lint): extend stylelint to cover documentation CSS
* refactor: break down create_from_settings into smaller functions
* feat: automatically add configurable worker classes to jobs

- Update to version 5.1777474261.55e5cd5e:
* build(deps): bump postcss from 8.5.8 to 8.5.12
* fix(apparmor): adjust the /usr/bin/ssh child profile for 16.x
* fix: Fix rendering bugrefs as links in lists and other structures
* feat: use full job group name for priority check by default
* chore(AGENTS.md): refine coverage requirements
* fix(apparmor): allow worker to execute "df"
* feat: Restore styling and TOC for API documentation
* feat: add "badge" option to openqa-clone-job for markdown output
* fix(AMQP): Avoid keeping unused AMQP connections around
* test: Use more compact syntax in AMQP tests
* test: Use signatures in AMQP tests
* fix(apparmor): allow access to all Python 3 versions
* style: Add tools/ to perlcritic check
* fix(Plugin::IssueReporter): prevent erroneous "mailto" links
* perf: tweak jobs evaluated on job groups based on recent improvement
* fix: try to resolve package conflicts with zypper
* docs: Keep filenames in links for GitHub but strip them in build
* docs: fix typo in WritingTests
* fix: dynamically check pandoc support in generate-documentation
* fix: dynamically check pandoc support in generate-docs
* fix: add python3-weasyprint for build-docs
* feat(ui): Simplify warning about full storage
* feat(scheduler): Consider all relevant paths in storage space check
* docs: Polish rendering and fix conversion artifacts
* style: Enforce perlcritic policy RequireQuotedHeredocTerminator
* refactor: Reduce complexity in openqa-load-templates
* style: Enable strictures before first line of code
* style: Add script/ to perlcritic check
* docs: Mimic Asciidoctor style with custom CSS and Pandoc template
* docs: Fix broken anchors and rendering issues in generate-documentation
* docs: Post-conversion cleanup of artifacts and broken links
* docs: Switch PDF engine to weasyprint in generate-documentation
* docs: Improve glossary highlighting and remove redundant divs
* style: Remove trailing whitespace from Markdown files
* docs: Enable section numbering and clean up index.md
* feat: Convert documentation from AsciiDoc to Markdown
* git subrepo pull (merge) --force external/os-autoinst-common
* fix(t/33-developer_mode): make needle renaming robust
* fix(t/33-developer_mode): bypass storage space check
* build(deps-dev): bump prettier from 3.8.1 to 3.8.3
* build(deps): bump delaunator from 5.0.1 to 5.1.0
* fix(apparmor): adapt snd2png path to os-autoinst#2881
* feat: Throttle consistently failing test scenarios
* test: fix sporadic failure in scheduling-and-worker-scalability
* perf: optimize compute_build_results with DB-level aggregation
* feat: disable dashboard inclusion checkbox if ignored by config
* fix: remove redundant title attribute in group property editor
* refactor: Avoid duplicate access like `$details->{$nickname_field}`
* feat: Make all assignments configurable on login via OAuth2
configurable
* feat: Make assignment of fullname on login via OAuth2 configurable
* fix: Improve auth logic to support API fallback and fix CSRF handling

- Update to version 5.1776705613.1c2c8716:
* ci: ensure full statement coverage

- Update to version 5.1776681647.73d96c66:
* feat(Git): Use nickname as a fallback for fullname
* perf: Select only needed columns in _previous_scenario_jobs
* perf(IssueReporter): Cache regression_links
* feat: ignore "Investigations" job group on dashboard by default
* fix: prevent "Not enough storage" with consistent setting
* refactor: Improve code for `None` auth method
* refactor: Avoid duplicating code for OAuth2 and OpenID auth
* test: Improve OAuth2 tests
* docs: Explain the design of the OAuth2 plugin
* feat: Return to previous page after login via OAuth2
* fix: ensure priority increases for job groups with NULL description
* feat(Makefile): add convenience targets for all services
* feat: Handle deleted/altered system user more gracefully
* fix(worker): handle missing D-Bus socket gracefully
* test: Consider everything we track coverage of as covered
* test: Cover YAML validation script
* feat(cli): support lower-case test argument passing
* feat(mcp): promote endpoint from /experimental/mcp to /mcp

- Update to version 5.1776202410.3448a30a:
* feat(worker): Resolve share directory correctly for relative basedir
* fix: SQL ON CONFLICT constraints for Assets registration
* feat: allow ignoring job groups on dashboard evaluation

- Update to version 5.1776103434.91af0a8b:
* feat: expand parallel test execution in t/testrules.yml
* feat: set no expiration for "None" auth API keys
* fix: Avoid gap between caret and preview container
* refactor(upload): Move chunk size constant to constants module
* refactor(upload): Define chunk size only once
* test: Check for unhandled output by default
* git subrepo pull (merge) external/os-autoinst-common
* perf(upload): Speed up asset uploads
* feat: enable videos for all jobs again
* ci: remove redundant perl-critic GHA covered by circleCI
* ci: separate compile tests into independent job
* test: Move author tests to xt/ and separate compile checks
* fix: use Test::Warnings in 02-perlcritic
* chore(deps): Remove obsolete Freenode::StrictWarnings policy
* chore(ci): bump checkout v4->v6
* feat: implement "None" authentication provider
* feat: Prevent job assignments when running out of space by default
* fix(results_min_free_storage_space_percentage): Allow disabling with
`0`
* fix(results_min_free_storage_space_percentage): Add to `Setup.pm`
* feat: make compute_build_results faster by passing the query for jobs
* feat: optimize comment_data_for_jobs when passed a result set

- Update to version 5.1775828534.8622a781:
* refactor: Rename `results_storage_above_threshold`
* feat: Log a meaningful error message if `check_df` fails
* feat: Add separate setting for scheduler storage space check
* fix: address further XSS in admin_needle.js response loop
* fix: address XSS vulnerability in admin_needle.js handleSingleError
* fix: address further XSS vulnerabilities in admintable.js catch blocks
* fix: address XSS vulnerability in admintable.js catch block
* fix: address XSS vulnerability in ws_console.js sendAndLogCommand
* fix: address XSS vulnerability in ws_console.js logLine
* build(deps): bump lodash from 4.17.23 to 4.18.1
* fix: Calculate upload speed correctly by including milliseconds
* docs: Clarify description of `force_result_regex`
* test: Cover remaining lines of `upgradedb`
* test: Fix missing assignment in upgradedb test
* refactor: Avoid duplicating user handling in database scripts
* fix: Apply force result label correctly if `force_result_regex` is
empty
* test: Verify applying force_result label from carried over comments
* fix: Reference schema files from the installed package for helm lint
* feat: limit job results on group overview and dashboard
* build(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5

- Update to version 5.1775643384.e9cf2643:
* fix: Move Workers constants to Constants.pm
* refactor: Remove $VERSION variables from modules
* fix(apparmor): let ipmitool read enterprise-numbers
* fix(apparmor): add rules for xterm-console
* fix(apparmor): allow to start icewm
* fix(apparmor): remove unnecessary rules from x3270 profile
* test: Cover initdb
* fix(apparmor): allow x3270 to write trace files
* fix: Let worker init fail for missing working dir
* ci(mergify): prevent any unused merge queue checks
* test(43-scheduling-and-worker-scalability): automate job count
scenarios
* feat: Show possible candidates for working directory in error message
* test: Cover `t/44-scripts-create_admin.t`
* test: refactor dynamic limit tests to use table-driven approach
* fix(create_admin): Fix order of arguments in help text
* refactor(js): fix lint errors in needlediff.js
* fix(js): disable no-unassigned-vars in ESLint config
* build(deps-dev): upgrade ESLint to 10.1.0 and add missing peer deps
* build(deps-dev): bump eslint from 9.39.2 to 10.0.0
* fix(deps): bump brace-expansion from 5.0.3 to 5.0.4
* fix: avoid redundant commas in job group summary list
* fix: avoid redundant commas in job group summary list
* feat: show priority calculation tooltip on job details page
* feat: allow custom badge labels via query parameter
* feat: refine priority adjustment messages for clarity
* feat: visualize priority calculation in web UI
* feat: increase priority based on job group properties
* build(deps-dev): bump prettier from 3.6.2 to 3.8.1
* build(deps): bump anser from 2.3.2 to 2.3.5
* chore(profiles): allow web UI to read loadavg
* feat: Reduce level of "Failed ??? command" log message further
* test(clone-job): Improve checks of transaction handling
* fix(clone-job): Prevent duplicate jobs after d813ac3655
* fix(clone-job): Restore compatibility with older curl versions
* test: Debug `t/ui/27-plugin_obs_rsync_status_details.t`
* fix: cancel job icon invisible in tests list
* feat(ui): indicate number of previous job restarts in all lists
* refactor(t): use proper subtests and test labels in 10-tests_overview
* feat: Limit list of job groups in summary header box
* feat: Filter job groups in tests overview by availability of results
* chore(deps): Dependency cron 2026-03-31
* refactor(assets): remove deprecated KeyEvent usage
* docs: relocate scheduler and worker load documentation
* feat: dynamically adjust global job limit based on system load
* chore(deps): bump picomatch from 2.3.1 to 2.3.2
* build(deps-dev): bump flatted from 3.4.1 to 3.4.2

- Update to version 5.1774895777.6c2911d1:
* feat: Customizable time_limit_days
* fix: arrow navigation not working in Chrome-based browsers
* style: Remove various magic numbers
* fix: ensure cache sync creates parent directory
* feat: Improve log message when sending command to ws server fails
* refactor: Use `any` instead of `grep` in worker schema
* refactor: Avoid repeated access to `$args{command}` in worker schema
* fix(clone-job): Restore authorized asset downloads after 06bc5193d25b
* fix: restore broken label and flag icons in comments
* feat: support parallel Perl tests with PROVE_JOBS in Makefile
* fix(ui): Prevent build tag labels from rendering in all caps
* feat: replace Test::Strict with Test::Compile in compilation check

- Update to version 5.1774854217.24dbd811:
* style: Fix TestingAndDebugging::RequireUseStrict violations
* style: Fix TestingAndDebugging::ProhibitNoStrict violations
* style: Fix BuiltinFunctions::RequireBlockMap violations
* style: Use only positive conditions for unless
* style: Fix OpenQA::RedundantStrictWarning violations
* style: Fix BuiltinFunctions::ProhibitStringySplit violations
* style: Fix ProhibitInterpolationOfLiterals violations
* style: Fix CodeLayout::ProhibitParensWithBuiltins violations
* style: Run perlcritic also for t/
* chore(deps): Dependency cron 2026-03-28
* feat: complete shim-less migration to Font Awesome 6
* chore: Add dependency for extending `t/11-commands.t`
* chore: Reduce permissions of workflows
* feat: support "always_run" test flag in web UI and API
* feat(Makefile): enable heavy and fullstack tests by default locally
* feat: Retry API calls in `clone-job` like already `openqa-cli` does
* feat: migrate to timeago.js for proper jquery4 compatibility
* feat(clone-job): Retry asset downloads on transient errors
* feat(scheduler): provide visual indication of limited disk space
* feat(scheduler): provide visual indication of limited disk space
* feat(scheduler): prevent openQA depleting storage with new openQA jobs
* refactor(tests): consolidate page loads in 01-list.t
* feat: replace deprecated fork-awesome with Font Awesome 6 Free
* fix(influxdb): prevent empty tags populated to telegraf
* feat(MCP): Add MCP tool annotations

- Update to version 5.1774510397.efec10a7:
* Revert "refactor: Replace jQuery-dependent timeago with vanilla
timeago.js"
* docs(userguide): fix position of job_templates unique id
* docs(amqp): cover usage examples of amqp and slack integration
* feat: Allow resuming asset downloads with `openqa-clone-job`
* feat: migrate to timeago.js for proper jquery4 compatibility
* style: Exclude external/ directory from 01-style.t checks
* style: Fix various perlcritic violations in script/
* git subrepo pull (merge) external/os-autoinst-common

- Update to version 5.1774384552.1377209d:
* test: Add Test::Perl::Critic
* test: Consider everything under `lib/openQA/` covered
* refactor: Avoid duplicate code for making test suite name unique
* test: Consider everything under `lib/OpenQA/Scheduler/` covered
* test: Cover handling missing response from ws server when assigning
jobs
* test: Cover assigning multiple jobs to worker
* refactor: Extract functions to assign jobs in scheduler code
* refactor: Remove probably useless error handling in scheduler code
* test: Cover all cases of sorting criteria in scheduler
* test: Consider everything under `lib/OpenQA/Resource/` covered
* test: Cover remaining uncovered lines in `OpenQA::Resource::Locks`
* refactor: Simplify `unlock` function to be in-line with `lock`
* test: Cover restarting jobs with no job IDs specified
* style: Use ProhibitNegativeExpressionsInUnlessAndUntilConditions
* chore(deps): Dependency cron 2026-03-24
* chore: migrate remaining ESLint settings from legacy to flat config
* style: migrate all JavaScript consistently from var to let/const
* chore(ci): bump javascript check to node 22

- Update to version 5.1774278862.ea002efa:
* refactor: slightly simplify BuildResults
* chore(AGENTS.md): add customized file
* refactor: deduplicate configuration defaults and verify openqa.ini
* fix(ci): fix referencing commit-message-checker
* style: Add Test::Perl::Critic dependency
* docs: document "always_run" test flag
* feat(Makefile): add help text for missing targets
* fix: prevent intermittent failure in t/ui/13-admin.t
* fix: remove fixed container sizing in needlediff view

- Update to version 5.1774104919.9788babf:
* feat: add pre-commit hooks with gitlint
* ci: replace GHA commit-message-checker with os-autoinst-common one
* refactor: replace .gitlint with identical os-autoinst-common one
* git subrepo pull (merge) external/os-autoinst-common
* fix: needlediff view alignment (regression from dc1a3709e)
* fix: robust group property validation and reliable UI tests
* test: Consider the `CacheService` directory fully covered
* test: Mark whole function `_kill_db_accessing_processes` as uncoverable
* test: Track coverage of InfluxDB route of cache service
* refactor: Remove CORE:: prefix from function calls
* fix: avoid duplicating users on provider mismatch
* refactor(Utils): remove unnecessary CORE:: prefix again
* fix: use proper Mojo::Base attribute for developer_session_running
* refactor: convert all remaining lib/ modules to signatures
* fix: use Scalar::Util::set_prototype for compatibility with Perl 5.26.1
* refactor(LiveHandler): convert remaining modules to signatures
* refactor(Scheduler): convert remaining modules to signatures
* refactor(Schema): convert remaining modules to signatures
* refactor(Shared): convert remaining modules to signatures
* refactor(Task): convert remaining modules to signatures
* refactor(WebAPI): convert remaining modules to signatures
* refactor(WebSockets): convert remaining modules to signatures
* refactor(Worker): convert remaining modules to signatures
* refactor(Parser): convert remaining modules to signatures
* refactor(CacheService): convert remaining modules to signatures
* refactor(t::lib::OpenQA): convert remaining modules to signatures
* refactor: Simplify `_handle_command_resume_test_execution`
* chore(t::OpenQA::Test::Utils): remove obsolete "_get_worker" mock
* fix: Add missing Mojo::File import in Parser::Format::Base
* refactor: remove unused function OpenQA::Parser::Result::write_json
* feat(tests): reduce wait_for_ajax default timeout from 5min to 30s
* Revert "feat: modernize test result styling with data attributes"
* refactor: Use File::stat to avoid magic numbers
* refactor: Use Time::Seconds to avoid magic numbers
* chore: adapt openQA for jQuery 4.0.0
* feat: improve local gitlint by picking the most recent base branch
* ci: ensure local gitlint checks all commits in the branch
* ci(check-helm-chart): try harder to download from registry.opensuse.org
* fix: resolve instability in cache-service rsync test
* feat: use localhost instead of manual IP addresses in startup message
* feat: modernize test result styling with data attributes
* fix(audit): show all audit events in the web UI
* docs: Add missing line break to fix Deletion section
* build: integrate stylelint for automated CSS/SCSS styling
* feat: Allow reproducing test with pinned test code via clone-job
* feat(webui): make rendering batch size configurable
* fix: resolve sporadic failure in UI test tabs loading
* fix(investigation): select casedir/needledir correctly when no symlink

- Update to version 5.1773427330.0b172206:
* fix: Display GitHub bugrefs correctly when used within a label
* refactor: Improve style in `t/39-scheduled_products-table.t`
* feat: improve responsiveness of tabs in job details view
* ci(helm): override pullPolicy when install helm via ct
* test: Consider everything under `lib/OpenQA/Schema` covered
* test: Cover generating Gravatar URLs
* test: Cover handling failed job cancellation when scheduling iso
* feat: add zypper clean command in base container
* test: Cover computing Git log diff
* test: Cover adding logs to result file list
* refactor: Simplify and slightly improve `create_asset`
* refactor: Simplify error handling in function for appending job logs
* test: Cover setting and deleting job properties
* test: Cover error handling when duplicating jobs
* test: Mark error handling in `_hashref` as uncoverable
* test: Cover remaining lines of `JobModules.pm`
* refactor: Remove unused function `locked_by_jobs`
* test: Cover removing test suite defaults
* test: Cover rendering description of parent job group
* test: Consider everything under `lib/OpenQA/Script/` covered
* test: Cover `openqa_baseurl` used by clone script
* test: Cover handling unexpected return code in clone script

- Update to version 5.1773333964.ffc5eff5:
* test: Fix unstable test for stacking of parallel tests on overview page

- Update to version 5.1773291834.69acf4b4:
* chore(deps): Dependency cron 2026-03-12
* style: Use HTTP::Status status code constants
* Revert "feat: optimize size of devel:openQA:ci/base container"
* feat: adapt to os-autoinst switching to markdown

- Update to version 5.1773151075.654d76ed:
* refactor: Write `renderComments()` in a more compact way
* fix: Restore spacing between bug and other icons after 9346b7165
* ci(helm): replace internal retry with okurz/retry/
* refactor: Use signature in callback to clarify input parameters
* style: Add three perlcritic rules
* style: Make .perlcriticrc a real file instead of a symlink
* chore(deps): Adjust bot commit message to conventional commits
* test: Add test for rendering `label:linked` with bug reference
* feat: Improve handling non-bugref URLs in `mark_job_linked` after
7f6790
* test: Verify that only one label is added via `mark_job_linked`
* feat: Render labels with bug references as clickable links
* refactor: Improve coding style in `renderComments()`
* feat: Use bugref within label when creating 'Job mentioned in ???'
comment
* docs: document the priority throttling for scheduled jobs
* Dependency cron 2026-03-09
* feat: Streamline "relates to default checkout" condition
* feat: Enable `git_auto_update` if `CASEDIR` and `NEEDLES_DIR` are set
* feat: Support `CASEDIR` lookup introduced in ef229dc also in Git tasks
* fix: Handle error when determining Git server host correctly
* feat: add privacy policy

- Update to version 5.1773068319.a9347c1b:
* docs: Link to latest passed job to ensure the download tab exists
* feat: allow filtering by job result and state in /tests/latest
* style: Always pass a regex match to split
* style: Use map only in block form
* style: Use grep only in block form
* style(gitlint): allow unwrappable longer URLs in git commit message
body
* feat: unify priority management of max_job_time and throttling
* ci(helm): pull container images in advance
* ci(helm): make sure that install-chart runs after lint-chart
* feat: optimize size of devel:openQA:ci/base container
* feat: allow users to delete/anonymize their own account

- Update to version 5.1772722702.3877b2ca:
* style: Use builtin functions without parentheses consistently
* build: update minimatch to fix ReDoS vulnerabilities

- Update to version 5.1772705410.5c7fe0aa:
* style(t): fix formatting of long line in t/37-limit_assets.t
* test(Makefile): treat t/01-style consistently with tidy+compile tests
* ci: cover sporadic download errors with retries
* feat: support show_build=1 for overview badges

- Update to version 5.1772550094.48b5cce5:
* refactor: Improve code for testing OpenID auth
* test: Consider everything under `lib/OpenQA/WebAPI/` covered
* test: Cover all code for OpenID auth
* test: Cover retrying of OBS rsync tasks
* fix: Return correctly when OBS dirty status cannot be determined
* refactor: Remove unused local variable in OBS rsync code
* test: Cover parameter validation warnings code for API descriptions
* fix(config): Drop max_conns to allow proper queueing
* refactor: Improve code in `renderTestLists()`
* feat: Pass all parameters when making AJAX requests on "All tests" page
* feat: Allow use of `job_setting` parameter also on "All tests" page
* refactor: Simplify code for passing query parameters on "All tests"
* fix(dependencies): add missing "make" to devel sub-package
* test: remove stabilized tests from tools/unstable_tests.txt
* test(lib): remove unused "disconnect" function
* test(lib): mark uncovered line

- Update to version 5.1772475695.6c6c7eda:
* build(Makefile): add make target help text
* fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632)

- Update to version 5.1772460208.7a4e1e06:
* docs: Document array-like job settings and `job_setting` parameter
* test: Ensure test of filter params of jobs API fails if code breaks
* feat: Support searching by job settings in API to list jobs
* refactor: Improve `cancel_by_settings`
* fix: Allow filtering by more than one job setting in various routes
* test: Improve checks in `t/api/02-iso.t`
* feat: Allow searching by job settings via overview routes
* style: use consistent q{} syntax for SQL strings in Cache Model
* refactor: streamline IPC::Run usage and signal handling
* test: remove t/25-cache-service.t from unstable_tests.txt
* test: improve robustness of t/25-cache-service.t
* test: refactor InfluxDB subtest to reduce duplication
* test: improve infrastructure for t/25-cache-service.t
* fix: improve database robustness in Cache model
* fix: log rsync stderr in CacheService::Task::Sync
* test: support OPENQA_TEST_WAIT_INTERVAL in wait_for
* fix(cache): capture stderr and handle exit status robustly in Sync task
* test: make SIGCHLD handler selective in OpenQA::Test::Utils
* docs: document aggregate result badges for overview queries

- Update to version 5.1772092969.74a39650:
* test: Consider all of `lib/OpenQA/Task/` covered
* test: Cover handling developer session when saving needles
* test: Cover further error cases when saving needles
* fix: Fix error handling when saving needle JSON
* test: Workaround limitation of coverage tracking
* feat: Improve needle JSON validation
* test: Cover all cases of needle JSON validation
* fix: Avoid Perl warning when validating needle JSON
* refactor: Simplify code in `_delete_needles`
* test: Cover handling error when asset directory is not writable
* test: Cover skipping screenshot cleanup if still enqueued
* feat(openqa-upstreams.inc): set `max_conns` to max connection handled
* refactor: optimize and harden aggregate overview badges implementation
* refactor: improve aggregate overview badges implementation
* test: consolidate SVG badge unit tests
* feat: implement test result badges for aggregate overview queries

- Update to version 5.1772031289.93bc2a13:
* docs(image): describe the TW image with openQA available in o3
* fix(t/03-auth): avoid 'Too many open files' with mocks
* fix: avoid constant redefinition warnings in ScheduledProducts
* feat: add aggregate favicons for test overview
* build: improve cleanup of generated favicon assets
* feat: add Makefile targets to run services with temporary test database
* ci(helm): increase timeout on ct install
* feat: add gitlint for conventional commit checks

- Update to version 5.1771942065.808b073f:
* test(t/44-scripts): extend to cover Python scripts
* test(t/44-scripts): implement individual timeouts
* fix(script): add early argument validation where missing
* test: harmonize Test::More call format using '+' prefix
* Dependency cron 2026-02-24
* test: refine style check and fix ambiguous test calls
* Replace Ingress with Kubernetes Gateway API for external access
* refactor: ensure consistent test call parentheses format
* chore: add dependency for python3-gitlint commit checks
* tweak: Improve logging of Git output
* tweak: Avoid warnings about invalid revision ranges
* tweak: Use normal warning log messages when encountering Git problems
* fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid
* docs: Add section about security
* Fix tools/test_helm_chart after Helm chart reorganization
* Update Helm chart documentation
* Move worker subchart under openqa/ and fix connectivity
* Add single openqa parent chart with ingress and nginx
* Remove old helm chart structure

- Update to version 5.1771846996.b67911c1:
* fix: update ajv to fix moderate severity ReDoS vulnerability
* fix: update minimatch override to fix high severity ReDoS vulnerability
* openqa-load-templates: Slightly simplify

- Update to version 5.1771626210.b82f14f2:
* refactor(test/overview): use signatures and clean up code
* refactor(test/overview): reduce duplication

- Update to version 5.1771589939.8f8502b4:
* feat: Improve default `PRODUCTDIR` after ef229dc2
* refactor(ui): simplify removal of empty query parameters (after rebase)
* test(45-make-update-deps): allow bypassing dependency update check
* fix(test): improve UI test robustness by using state-based waiting
* test: Improve workaround for candidates menu not opening sometimes
* docs: Mention use of relative paths in `CASEDIR` to avoid symlinking
* fix: Fix wrong uses of "checkout" that should be "check out"
* feat: support filtering by meta-results+states in /tests/overview
* Revert "feat: Add symlink for aeon in openqa-bootstrap script"
* fix(43-scheduling-and-worker-scalability): prevent sporadic issues
* refactor: use join for properties in determine_free_workers
* fix: do not cache websocket_api_version if not set

- Update to version 5.1771473096.98530511:
* feat(ui): remove empty query parameters from /tests/overview URL
* fix(mcp): set navbar check expression to read-only
* feat: support inverted result filters in /tests/overview
* feat: Allow specifying `CASEDIR` to avoid symlinking
* fix(test): Enable helm install-chart test again
* git subrepo pull (merge) --force external/os-autoinst-common
* feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE
configurable
* test: Consider everything under `lib/OpenQA/Shared/` covered
* fix: Provide specific error message if job was removed
`enqueue_???_track`
* refactor: Remove useless error message in `enqueue_and_keep_track`
* test: Cover case of successful executing in `enqueue_and_keep_track`
* refactor: Simplify error handling of `enqueue_and_keep_track`
* test: Cover error handling of `enqueue_and_keep_track`
* test: Consider shared session controller fully covered
* refactor: Avoid duplications in sessions controller
* refactor: Use signatures in session controller code
* test: Cover error handling in case of a bad CRSF token
* test: Cover test route for session
* fix(worker): reject jobs explicitly when worker is stopping
* feat: Remove workaround for codecov and gpg
* feat: Switch to Leap 16 in Helm charts
* feat: Switch to Leap 16.0 in openqa_data container
* feat: Replace all Leap 15.6 with 16.0 in docs and scripts
* test: Cover showing special image when backend has terminated
* fix: Use new apachectl command
* Update openQA containers to Leap 16.0
* test: Extend tests for controller handling live view
* refactor: Move throttling into its own function
* feat(throttling): throttle jobs resources based on parameters size
* refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests
* feat: Allow archiving jobs with infinite important storage durations
* feat: Flag jobs without results as archived for consistency
* feat: Remove one corner case preventing jobs from being archived

- Update to version 5.1770718745.ce2072d3:
* feat(ui): use clickable test overview summary counts for quick
filtering
* build(Makefile): fix uninterruptable tests
* docs: Mention caveats of `???_cleanup_max_free_percentage` setting
* test(25-cache-service): fix race conditions
* test(ui/21-admin-needles): properly wait for modal dialog and deletion
* test(ui/13-admin): properly wait for API key deletion
* test(40-openqa-clone-job): properly isolate from system config
* test(15-asset): bump timeout to current runtime
* chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch
* build(deps-dev): bump @eslint from 9.36.0 to 9.38.0
* fix(eslint): correct style to be eslint-9.38 compliant
* build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2
* build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1
* build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7
* refactor: Improve variable names in function to determine expired jobs
* test: Improve name of subtest for archiving
* test: Verify that archiving works regardless of logs/results present
* Dependency cron 2026-02-06
* Bump js-yaml from 4.1.0 to 4.1.1
* build(deps): bump ace-builds from 1.43.3 to 1.43.4

- Update to version 5.1770308102.12dfd0e4:
* fix: Configure sudoers correctly in Leap 16
* Also use devel:openQA/16.0 in dependency bot workflow
* Remove dependencies not available in 16
* Remove all explicit versions from ci-packages.txt
* Explicitly use new cache key for fullstack_cache
* Use devel:openQA 16.0 repositories
* fix: Create user directory without sudo
* refactor(ui): use native DOM APIs for bulk action logic
* Update devel:openQA:ci/base container to Leap 16
* test: Consider all controller code covered
* refactor: Remove unused "group connect" endpoints
* test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint
* test: Cover all cases of search of audit log table
* refactor: Simplify function to render audit log index page
* test: Add test for `eventid` parameter of audit log page
* test: Cover remaining lines of `Asset.pm`
* Mark some one line catch statements uncoverable
* Move t/07-api_jobtokens.t to t/api/
* refactor: Avoid mapping of actions in df-based cleanup
* refactor: Use loop to invoke `_delete_jobs` repeatedly
* refactor: Simplify code for df-based cleanup further
* refactor: Extract repeated lookup and loop into separate function
* Dependency cron 2026-02-03
* feat(ui): add bulk action checkboxes to test overview filters
* feat(openqa-clone-custom-git-refspec): add "BADGE" mode
* fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode
* feat(UI): add delete button for job groups and parent groups
* refactor(javascripts): harden by using const in admin_groups.js
* feat(api): prevent deletion of non-empty parent job groups
* docs: Fix typo in MCP documentation
* docs: Improve note about enabling modern Perl features
* test: Remove unused parameters in `OpenQA::Test::Case::login`
* navbar: add new item in menu to link MCP documentation
* Refactor t/lib/OpenQA/Test/Case.pm with signatures
* test: Consider all API controller code covered
* test: Cover remaining error cases of worker API
* fix: Improve error handling when updating records in admin tables
* test: Ensure consistent coverage of job cancellation function
* Prepare documentation generation for Leap 16.0
* test: Cover remaining lines of `Search.pm`
* test: Cover remaining lines of `Locks.pm`
* refactor: Simplify `JobTemplate::destroy`
* refactor: Remove unused code from `JobTemplate.pm`
* git subrepo pull (merge) external/os-autoinst-common

- Update to version 5.1769644379.ef069e9d:
* style: Add quotes in openqa-bootstrap
* feat: default API key expiration to 1 year, aligning with UI
* feat: wrap array in an object in api_key API responses
* feat: add API endpoint for deleting API keys
* feat: add API endpoint for listing API keys
* feat: add API endpoint for creating API keys
* fix(openqa-bootstrap): prevent shellcheck warning SC2086
* Add dependency on 'file'
* refactor: Write code in `JobGroup.pm` in a more compact way
* test: Consider `Job.pm` fully covered
* test: Add tests for error handling of artefact upload
* refactor: Format artefact upload test in a more compact way
* test: Add tests for using assigned worker on job status updates
* test: Add tests for re-scheduling invalid scheduled product
* test: Add tests for querying non-existent scheduled product
* refactor: Use more compact coding style in `show_scheduled_product`
* refactor: Improve `Mm.pm`
* test: Improve tests of multi-machine API
* Remove unused module Config::Tiny from dependencies
* Handle links on test_log on missing git repo extension
* test: Consider `Test.pm` fully covered
* test: Extend tests for showing dependency graph
* fix: Merge parallel clusters correctly for displaying dependency tree

- Update to version 5.1769550212.662a4f95:
* refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL
* refactor(investigation): Rename gitrepodir function
* Restart: handle subclassed AMQP plugin
* Revert "Update CircleCI image to Leap 16.0"
* fix: Fix invalid HTML in test creation form
* feat: Make test creation discoverable to all users
* refactor: Simplify/extend flash message templates
* feat: Avoid confusing/wrong "Administrator level required" error
* Update CircleCI image to Leap 16.0
* feat: Support `async=1` flag via `openqa-cli schedule --monitor`
* fix: Avoid serializing `null` click point after e19aee4 and da7cce6b
* test: Fix failing style checks due to test file with invalid YAML
* test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH
* fix: Fix error handling when redirecting to Git platform
* test: Distinguish different cases for showing settings files
* test: Cover case of invalid scenario definitions when creating test
* test: Consider `Step.pm` fully covered
* test: Cover case of showing unsupported results
* fix: Improve condition for checking valid step result
* test: Cover case of showing candidate needle with no tags
* refactor: Simplify `calc_matches`
* refactor: Write uncoverable error handler in one line
* refactor: Simplify `_new_screenshot`
* refactor: Rewrite code for screenshot name in a more compact way
* test: Cover options to take images/areas from existing needles
* Use body parameters in POST request
* feat: Add symlink for aeon in openqa-bootstrap script
* chore(deps): bump lodash from 4.17.21 to 4.17.23
* test: Add test for displaying audio results
* test: Cover remaining lines of `File.pm`
* feat: Improve log message about invalid config in df-based cleanup
* feat: Add dry run to df-based cleanup of job results
* Fix grammatic mistakes on the snapshots documentation
* Describe how snapshots work internally
* doc: Improve wording in documentation about space-aware cleanup
* doc: Clarify settings for space-aware cleanup
* doc: Use "file system" consistently in comments in config files
* doc: Wrap comments in `openqa.ini` at 80 characters
* doc: Use "file system" consistently in users documentation
* doc: Mention also `???_cleanup_max_free_percentage`
* doc: Move documentation about space-aware cleanup into its own section
* doc: Use "filesystem" instead of "partition" in config comments
* fix: Account deletion of screenshots of archived jobs correctly
* doc: Mention variables for df-based job result cleanup
* feat: Consider archive as well in df-based cleanup of job results

- Update to version 5.1769068942.639067ee:
* Dependency cron 2026-01-22
* feat: Show limits on "Next & Previous" tab within table

- Update to version 5.1768996386.e3f58202:
* fix: Avoid Perl warning if product spec contains undef values
* GenericBug: Add [QE] to the subject
* doc: Mention version lookup of mediums and special value `*`
* doc: Wrap section about medium types consistently at 80 characters
* doc: Remove surplus white-space
* chore: Improve indentation/wrapping of comment
* feat: Improve error message when product contains no templates
* tests: Improve/add tests for "no products found" case
* KernelBug: Extend the kernel bug template
* feat: Improve error message when falling back to version `*`

- Update to version 5.1768856318.847e4fc7:
* fix(systemd): prevent openqa-gru starting while mounts are unavailable
* fix(systemd): try restarts on failure to be more resilient
* feat: Show when "Next & Previous" jobs are limited
* refactor: Format SQL code for "Next & Previous" jobs more nicely
* refactor: Simplify determining latest job in "Next & Previous" list

- Update to version 5.1768564451.45d5d5b2:
* OpenSuseIssueReporter: Avoid multiple push calls
* unit_tests: Add unit tests for OpenSuseBugzillaUtils
* unit_tests: Adapt the UI tests to the new kernel bug button
* plugins: Introduce OpenSuseIssueReporter for external issue reporting

- Update to version 5.1768402729.462b3957:
* feat: optionally configure fake auth key+secret+expiration

- Update to version 5.1768323619.9a70ab91:
* refactor: Extend tests of df-based cleanup
* fix: Avoid wrong deletion of archived jobs in df-based cleanup
* refactor: Move logic for validating percentage into helper
* refactor: Clarify wording in comment regarding job cleanup
* Use template literals in certain JavaScript code
* Retry delete_needles job on server restart
* Add test for _delete_needles
* feat(OpenQA::Git): Cleanup git dir in commit() on shutdown
* feat: Improve rendering results on the scheduled product page

- Update to version 5.1768209690.f34c2973:
* feat(scheduled-products): Allow adding note to result data
* docs: Use node_modules target
* docs: Mention minimum PostgreSQL version
* ci: Update PostgreSQL in CI/packaging to at least 14
* Revert "Add MCP tool annotations for Claude connector compliance"

- Update to version 5.1767868268.dacbd3f7:
* Add MCP tool annotations for Claude connector compliance

- Update to version 5.1767864265.63cd20df:
* Skip caching for KERNEL and INITRD variables

- Update to version 5.1766150951.2799046e:
* Coverage of openQA: add folder Client/ in codecov.yaml
* Improve openQA coverage of _download_handler in Archive.pm

- Update to version 5.1766053374.57cdeee3:
* fix(docs): Fix indentation in job template examples
* feat(Needle::Save): Adapt to new error handling
* feat(OpenQA::Git): Make error handling more flexible with exceptions

- Update to version 5.1765887110.8fc02990:
* Avoid partial deletion of a screenshot if Minion job is aborted
* Add `SignalBlocker` to delay signal handling during critical sections

- Update to version 5.1765805960.2112d43d:
* fix(codecov): Fix wrong casing for 'fully_covered' entries

- Update to version 5.1765535865.b566a24c:
* fix(codecov): Be strict about coverage thresholds
* Show jobs that have been cloned when `t` parameter is used on overview

- Update to version 5.1765469360.5c0525b5:
* worker: Add coverage for OVS DBus checks
* Fix overview when filtering by test and module result at the same time
* Return signal as part of run_cmd result
* Add scanner for untracked screenshots
* KTAP: Properly hide details of a skipped subtest
* docs: Restory logic of the sentence about NFT vs firewalld
* docs: Clarify DHCP/RA availability on MM networks
* feat: Allow to configure key+secret with env variables

- Update to version 5.1765286149.3debb8ea:
* KTAP: Don't increment parsed_lines_count in "SKIP" lines
* KTAP: Define unparsed_lines and parsed_lines_count

- Update to version 5.1765217707.d6e697fd:
* Test commenting on overview page together with TODO filter
* Fix job IDs that are considered for mass-commenting on overview page

- Update to version 5.1765009312.be30f6e0:
* README: Remove left-over empty badge reference

- Update to version 5.1764349525.ffb59486:
* Also use TIMEOUT_SCALE for priority malus calculation
* docs: Fix wrapping and typo
* Document multi machine ovs flow setup and IPv6 usage
* Avoid computing time constraint for scheduled product cleanup in Perl
* rpm: Move `???-enqueue-needle-ref-cleanup` to other `???-enqueue-???`
scripts
* Add task to limit scheduled products similar to audit events
* Extract generic parts from audit event cleanup task into generic task
* parser: ktap: Show full output by default if no line was parsed
* Ignore npm scripts also via `.npmrc` to make bare npm calls more secure
* Avoid repeating `MAIN_SETTINGS` in various places
* Fix possibly excessive memory use when computer test result overview
* Fix typo in `_prepare_complex_query_search_args`
* Fix indentation in `overview.html.ep`
* Prevent logging AMQP credentials in debug output
* Make restart_openqa_job emit proper event payload
* Enable gru tasks to emit AMQP messages
* Remove explicit loading AMQP plugin in Gru plugin
* Emit restart events when job restarted automatically
* Add debug message about priority malus
* Fix ordering of job groups after 2ad929ceca43d

- Update to version 5.1763743683.1da97aa2:
* Optimize Job Group dropdown database query
* Split dependency handling out of create_from_settings
* Give jobs with high MAX_JOB_TIME a priority malus
* Make the number of builds per group on the front page configurable
* docs: Feature auto-generated deepwiki less prominently
* apparmor: Additional perms for tests in osado to run

- Update to version 5.1763153079.b36ac754:
* Skip a build if there are no jobs
* Remove unused variable

- Update to version 5.1762879267.52145e9a:
* Avoid installing unwanted package versions
* Fix check in git_clone for dirty git dir
* Prevent `t/24-worker-webui-connection.t` from running into timeout
* Be explicit about certain aspects of archiving in the documentation
* Fix sporadic failures in `t/ui/10-tests_overview.t`
* Adapt os-autoinst-scripts reference after rename
* Properly conclude scheduling if there are no jobs

- Update to version 5.1762193001.2f6e71ca:
* Potentially improve stability of `t/ui/16-tests_job_next_previous.t`
* Avoid failing check in `t/16-utils-runcmd.t`
* README: Add deepwiki badge
* Dependency cron 2025-10-27
* Retry image optimizations

- Update to version 5.1761296552.ae7c17aa:
* Add tests for file_security_policy
* Pass parameter $is_userfile to log_url
* Remove redirect and serve files as attachments if necessary
* Serve files uploaded by tests via asset domain
* Use direct link to subdomain for the test assets
* Revert "Don't redirect to asset domain via /needles/ID/(image|json)
route"
* Revert "Don't redirect screenshots, thumbs and needles to files_domain"

- Update to version 5.1761228068.a3a7f84d:
* Dependency cron 2025-10-23

- Update to version 5.1761037330.ad78558e:
* Avoid needless check for number of clones
* Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`

- Update to version 5.1760515610.a802d1dd:
* Lower the prio of archiving jobs to avoid piling up finalize jobs
* Add signatures in Schema::Result::ApiKeys

- Update to version 5.1760245411.e3aeaaec:
* Dependency cron 2025-10-12

- Update to version 5.1760108577.fd2f2a48:
* Log unavailability due to high load only as warning
* Filter job stats of scheduled products also by arch and build
* Document how to disable image optimizations
* Make image optimization errors stop the job producing an incomplete job
* Improve wording in description about job stats API
* Run `optipng` for real and handle errors if it fails

- Update to version 5.1759912962.689b31ed:
* Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`

- Update to version 5.1759834744.06a7028a:
* parser: ktap: Return earlier if subtest result is SKIP
* parser: ktap: Fallback to subtest index if name is not available

- Update to version 5.1759440640.bb989cab:
* Don't redirect to asset domain via /needles/ID/(image|json) route

- Update to version 5.1759402042.49e912c3:
* Introduce array job settings
* Retry `obs_rsync_update_*` tasks if Gru service terminates

- Update to version 5.1759329378.3b8e8685:
* Reduce the number of required checks for Mergify again
* Ensure a failing cache service is seen as such by the worker/scheduler

- Update to version 5.1759248257.70b23b32:
* Increase number of successful checks in Mergify config again
* Disable Helm Chart CI checks temporarily
* Consider all jobs for cleanup, not just jobs that were executed
* Verify job deletion when dependent job present

- Update to version 5.1759149505.49c40b0b:
* Use always the latest PostgreSQL image in Compose and documentation
* Update the PostgreSQL version in the contributing documentation
* Update PostgreSQL data path in Docker Compose file after updating to
v18
* Specify PostgreSQL version in Docker Compose configuration explicitly
* mergify: Allow more time for dependabot update reaction
* Remove version property from docker-compose
* README: Fix openQA badge after switch to UEFI
* build(deps-dev): bump eslint from 9.35.0 to 9.36.0

- Update to version 5.1758910696.7549bb98:
* Replace argument assignment with signatures on ObsRsync/Task
* Enable automatic dependabot updates again after improvements
* docs: Add instructions for a continuous dashboard setup
* Replace argument assignment with signatures Folders package
* Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
* script: Also use OPENQA_WEBUI_MODE for related services

- Update to version 5.1758814503.03d923a4:
* Use Mojo::File in Worker for is_qemu_running
* Use Mojo::File in Worker for meminfo
* Document archiving of important jobs

- Update to version 5.1758729450.b88c0b40:
* Reject jobs if worker is broken when receiving a new job

- Update to version 5.1758711845.e5c02221:
* script: Allow to configure openQA mode
* t: run at least once Memorylimit register with max_rss_limit > 0
* Replace argument assignation with signatures on MemoryLimit

- Update to version 5.1758632540.ed64f555:
* Check for consistent zypper setting for auto/continuous-update
* Ignore scripts when installing NPM packages in RPM builds
* Avoid installing NPM dev deps unnecessarily in RPM builds
* Avoid installing NPM dev deps unnecessarily in `Makefile`

- Update to version 5.1758551670.e3aa50f9:
* Don't redirect screenshots, thumbs and needles to files_domain
* Cleanup .gitignore files
* Update Dockerfile to setup proxy via script/configure-web-proxy
* Redirect test assets to file_domain if configured
* Make sure assets are generated before listing them

- Update to version 5.1758307053.75367131:
* docs: Fix shell syntax in development setup
* Replace argument assignment with signatures on ObsRsync

- Update to version 5.1758276230.9cef0ea3:
* Treat SVG files as attachment for security reasons
* Fix LegacyKeyValueFormat on openqa_data/Dockerfile

- Update to version 5.1758194931.aa2c9a8b:
* bootstrap-container: Workaround SELinux issue by split of zypper calls
* Prevent abort while doing database interaction in Delete needles

- Update to version 5.1758036156.d3e99d09:
* Temporarily require manual review of Dependabot PRs
* Prevent warning from `DBIx::Class::Storage::TxnScopeGuard`
* Avoid sporadic test failures in `t/ui/15-comments.t`
* Worker: Detect IPMI config and shutdown SUT when unused

- Update to version 5.1757954579.4d0727fe:
* Use of finish method in place of close_connection
* Clean up streamtext signature from unused params
* Fix invocation of `validateJobGroupForm()` when expanding group editor
* Improve showing advanced fields in case there are warnings
* Avoid race condition when creating job asset
* Ensure the `created_by` flag of job assets is set during registration
* Add unit test for 486c6e05ca
* build(deps-dev): bump debug from 4.4.1 to 4.4.3
* Update automatically updated group properties in UI
* Automatically increase important durations to match regular durations

- Update to version 5.1757798615.f8615cd6:
* t: Fix comparison by interpolating variable

- Update to version 5.1757696527.61d51d58:
* Avoid partitioning in raid0 device
* Avoid "Server returned ???" error if there is an actual error message
* Highlight invalid/problematic group config fields in UI when applying
* Improve validation of cleanup configuration
* AMQP: include list of failed modules in job.done messages

- Update to version 5.1757597587.61c22a78:
* Add usage examples of netrc to the access tokens

- Update to version 5.1757512851.666d7dc7:
* build(deps): bump datatables.net-bs5 from 2.3.3 to 2.3.4
* Fix regression handling retention of important jobs
* Use newly introduced `_all_parents` function in `_sort_dep` as well
* Include parallel children when scheduling with `_INCLUDE_CHILDREN=1`
* build(deps-dev): bump eslint from 9.34.0 to 9.35.0
* Fix typos in PosgreSQL related documentation
* Use autoyast ERB helper to detect disk dynamically
* Use find_or_create when registering assets
* Stop logging confusing exception when GruTask is gone
* parser: ktap: Don't add skipped subtests to output
* t: Use proper test description strings in 03-auth.t
* t: Condense variable assignment with ok-check

- Update to version 5.1757135418.ec726f9c:
* Dependency cron 2025-09-06

- Update to version 5.1757084700.fad3731d:
* Ensure no untracked files in unit test run part 2
* Dependency cron 2025-09-05
* Add MCP support as an optional feature
* Allow specifying a full domain via `file_security_policy`
* Allow using a different subdomain via `file_security_policy`
* t: Ensure no leftover files in git directory
* ci: Ensure clean git status with Test::CheckGitStatus

- Update to version 5.1757005118.aac56dbc:
* CI: Fix SLE_15_SP6_Backports repo lookup order
* Add perl(MCP) dependency in preparation for AI support
* build(deps-dev): bump @humanfs/node from 0.16.6 to 0.16.7
* Revert "MCP: Add MCP support as an optional feature"
* Fix typo on Contributing documentation
* Add MCP support as an optional feature
* Reword `can't write` to `Cannot write` as suggested by review comment
* Ensure destination dir for asset downloads exists when cloning jobs
* build(deps): bump ace-builds from 1.43.2 to 1.43.3

- Update to version 5.1756962167.74f0204f:
* Dependency cron 2025-09-04

- Update to version 5.1756905114.bb4fa746:
* Fix syntax error in nginx config
* Mark unconfigured api route log as uncoverable statement
* Increase test coverage for lib/OpenQA/WebAPI/Description.pm
* parser: ktap: Don't write diagnostic data into $subtest_name
* Extend tests for configuring subdomain to serve files
* Avoid job terminated unexpectedly with signal handler in delete needles
* Allow configuring subdomain for serving logs/assets more securely
* Do not invoke Mojo::IOLoop->remove twice
* Add support for Bearer token authentication
* Worker::Engines::isotovideo: Simplify using more Mojo::File
* Worker::Engines::isotovideo: Remove obsolete comment

- Update to version 5.1756479924.9488e2cc:
* docs: Fix typo in path to script folder

- Update to version 5.1756374919.f1ac1b58:
* build(deps): bump bootstrap from 5.3.7 to 5.3.8
* build(deps-dev): bump eslint from 9.33.0 to 9.34.0
* parser: ktap: Sanitize spaces from group name
* Cleanup unused parameter in streamtext
* build(deps): bump datatables.net-bs5 from 2.3.2 to 2.3.3
* Document semantics of low limits for important data
* Log disconnection of the livehandler due to file changes
* Disallow browsing HTML assets/results/logs by default
* Extend coverage on streamtext function of Running.pm
* Fix Too few arguments for subroutine error on close_connection
* Handle 'expand_placeholders' return value consistently

- Update to version 5.1755616303.131c0f0a:
* Add space in concatenation of args and string for the fall back note

- Update to version 5.1755609067.e3c951fe:
* Stash gru_dependencies to avoid helper usage in view
* Move infopanel gru task link creation to the controller
* Create test for GRU task in test details
* Link minion job from openQA job with waiting task

- Update to version 5.1755504216.b51ff4b1:
* Use signatures in worker reactor error handler
* Use signatures in worker job code and related mocking

- Update to version 5.1755366162.ba8741a1:
* Use backticks in docs for querying job settings

- Update to version 5.1755247660.ecd6aa3e:
* Fix return code of worker in error case
* Prevent worker from getting stuck on fatal error during upload
* Describe job_settings/jobs in UsersGuide
* Describe job_settings/jobs in UsersGuide
* Add perlpod for job_settings/jobs
* Fix generation of PDF documentation
* Remove outdated comment in worker error handling
* tests: Extend ktap parser tests to cover TODO directive
* parser: ktap: Polish the ktap parser
* parser: ktap: Add handling of the TODO directive
* parser: ktap: Refactor to use internal state

- Update to version 5.1755087548.49d62b92:
* Add instructions for running a openQA/tools dev environment

- Update to version 5.1754970590.1f9110da:
* build(deps-dev): bump eslint from 9.32.0 to 9.33.0

- Update to version 5.1754903895.e603536f:
* build(deps-dev): bump @eslint/plugin-kit from 0.3.4 to 0.3.5
* build(deps-dev): bump @eslint/core from 0.15.1 to 0.15.2
* build(deps-dev): bump @eslint/config-helpers from 0.3.0 to 0.3.1

- Update to version 5.1754716201.09d147dc:
* Dependency cron 2025-08-09

- Update to version 5.1754665747.0074044f:
* Revert "Rewrote client script from perl to bash to fix heavy tests"
* Revert "Remove test related to deprecated client script"

- Update to version 5.1754567283.cc45a4c0:
* Rewrote client script from perl to bash to fix heavy tests
* Remove script declaration on profiles
* build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4
* Remove test related to deprecated client script
* Obsolete script/client after 4 year deprecation period

- Update to version 5.1754477962.22b1fea4:
* Extend docs on lua test modules

- Update to version 5.1754383059.0426baa1:
* Dependency cron 2025-08-05
* Fix LegacyKeyValueFormat in Dockerfiles

- Update to version 5.1754297241.bf37533a:
* Stop flagging obs_rsync errors as failures
* Mention use of CRITICAL_LOAD_AVG_THRESHOLD

- Update to version 5.1753967288.48036af4:
* Double default storage duration for jobs in database

- Update to version 5.1753868091.5fba34bf:
* docs: Remove deprecated references to openqa-client
* Fix weird validation errors of date time on API keys page
* build(deps-dev): bump eslint from 9.31.0 to 9.32.0
* Simplify `_set_default_storage_durations`
* Rename template for "Show advanced cleanup ???" button
* Use loop to setup validation of cleanup properties
* Validate cleanup fields for important jobs as well
* Ensure advanced cleanup settings are shown if error relates to them
* Improve showing error in group property editor
* Fix id/label/default in group property editor after recent changes
* Move link to documentation next to "Show advanced ???" button
* Improve help popover for retention durations
* Collapse settings for keeping jobs in database longer by default
* Reorder group property editor so important fields come first
* Move lengthy description of cleanup settings to the users guide
* Update and improve documentation about cleanup
* Explain what "important" means in help popover of group properties
* Ensure default config of limits/durations make sense
* Make use of configured job storage duration when limiting jobs
* Extend UI for configuring job storage duration
* Extend job group API for configuring job storage duration
* Add settings for configuring job storage duration
* Add database columns for configuring job storage duration
* Show note about sorting on group overview pages
* Improve documentation section about Python API
* Mention Lua based tests in documentation

- Update to version 5.1753703782.e7ffc367:
* docs: Clarify that openQA is not only Perl
* Use and recommend --ignore-scripts with npm install

- Update to version 5.1753506485.d911de9f:
* Dependency cron 2025-07-26
* Require openssh-clients for git clone with ssh
* Allow empty values in openqa-cli parameters

- Update to version 5.1753359903.308980e8:
* Retrieve oldest/newest build results job in the loop

- Update to version 5.1753279335.b2b4eddc:
* Clarify role of set_var in variable precedence
* Use signatures in code for handling special group columns
* Sort keys in test of job group API
* Avoid duplicated code in job group API code
* Dependency cron 2025-07-23
* build(deps-dev): bump @eslint/plugin-kit from 0.3.3 to 0.3.4
* Allow querying the state of scheduled products by distri/version/flavor
* unit_tests: Add unit tests for KTAP parser
* parser: Add KTAP parser for handling kernel selftests
* Deduplicate openqa-cli options and help

- Update to version 5.1753110584.5810ee79:
* build(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3
* build(deps-dev): bump synckit from 0.11.8 to 0.11.11
* build(deps-dev): bump @pkgr/core from 0.2.7 to 0.2.9
* build(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8
* Replace bareword filehandles with lexical filehandles
* Add spaces around signatures
* Do not quote hash keys unless necessary
* Use single quotes where no interpolation is happening
* Fix PostgreSQL startup failure in non-systemd environments
* Support short test urls in openqa-clone-custom-git-refspec
* Escape comments in regexes

- Update to version 5.1753006709.37380d09:
* tidy: Enforce blank lines before subs

- Update to version 5.1752690982.12f3e8e6:
* Add link to Helm in README

- Update to version 5.1752668195.a61b311b:
* Make hint about cloning example repo more prominent
* build(deps): bump ace-builds from 1.43.1 to 1.43.2

- Update to version 5.1752509403.fe96ee50:
* build(deps-dev): bump eslint from 9.30.1 to 9.31.0

- Update to version 5.1752296678.00670b57:
* Dependency cron 2025-07-12

- Update to version 5.1752221648.28a02145:
* Fix build overview timestamps

- Update to version 5.1752164310.2f1c94d6:
* openQA-bootstrap: Replace hardcoded openqa directory path with variable
* Avoid trying to insert job modules without all required fields
* Removed unused and erroneous function `update_backend`
* Validate fields of update status before using them
* Schema::Result::Jobs: Catch undefined parent jobs
* Skip upload of test modules and extra tests with no name
* worker: disconnect dbus from NameOwnerChanged signal (POO #183833)
* Fix race cond when date ref job got deleted while serving build list
* Prevent error when workers config not found, throw warning instead

- Update to version 5.1751964812.235a2034:
* Revert "Update CircleCI image to Leap 16.0"
* Update CircleCI image to Leap 16.0

- Update to version 5.1751898525.cfb73284:
* Avoid `Transaction already destroyed` being logged as error
* Get BUILD time from oldest job if not sorting by newest job per build
* Implement build version sorting by oldest job in build
* Add frontend config option to sort by oldest job per build in jobgroup
* Allow schemeless ip address as job url
* Refactor and add tests for openqa-clone-job
* Convert build version sorting type from bool to int

- Update to version 5.1751834777.ce019b36:
* dist: Simplify dependency for /etc/os-release (boo#1244139)

- Update to version 5.1751707651.71eebf76:
* dbicdh: Cleanup pre-2020 files
* Avoid showing AJAX error on index page when user is navigating
elsewhere
* Dependency cron 2025-07-03
* Avoid showing confusing data in the needles table

- Update to version 5.1751472215.9a30d4e5:
* Discard needles under symlinked locations from needles table
* build(deps): bump ace-builds from 1.43.0 to 1.43.1
* build(deps-dev): bump eslint from 9.30.0 to 9.30.1
* Fix pagination in server-side tables
* openqa-bootstrap: Prevent error about unknown hosts (boo#1245378)
* Bump eslint from 9.29.0 to 9.30.0
* Avoid creating stale needle entries in needle editor when symlinks used

- Update to version 5.1751367844.1d8f9140:
* create_admin: improve search for admin users
* create_admin: fix for POO #179359 changes
* openqa-bootstrap: Allow curl to follow redirects (boo#1245379)
* Fix debugging SQL queries via `OPENQA_SQL_DEBUG`
* Apply dependency changes after adding python3-argparse-manpage
* Use argparse-manpage to create openqa-label-all.1
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* apparmor: +/usr/bin/env
* apparmor: additional worker perms
* apparmor: allow access to Arm UEFI (AAVMF) files
* apparmor: enable use of git-lfs for worker
* Bump @eslint/plugin-kit from 0.3.2 to 0.3.3
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths

- Update to version 5.1751274619.acdc8609:
* Apply dependency changes after adding python3-argparse-manpage
* Use argparse-manpage to create openqa-label-all.1
* Makefile: generate manpages
* Add manpage (as POD) to openqa-validate-yaml
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* Add Documentation to some systemd units
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths

- Update to version 5.1751037189.b3da736b:
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* apparmor: +/usr/bin/env
* apparmor: additional worker perms
* apparmor: allow access to Arm UEFI (AAVMF) files
* Bump @eslint/plugin-kit from 0.3.2 to 0.3.3
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths

- Update to version 5.1750754160.1caccdc7:
* Bump prettier from 3.5.3 to 3.6.0
* Bump ace-builds from 1.42.0 to 1.43.0
* Log less verbose error message for missing files
* Allow dots in test names
* Refactor existing Helm Charts and README

- Update to version 5.1750408965.72531a72:
* Extend single-instance container documentation
* Bump bootstrap from 5.3.6 to 5.3.7
* apparmor: Allow read access to device-tree files

- Update to version 5.1750237596.0e254038:
* Bump eslint-plugin-prettier from 5.4.1 to 5.5.0
* Avoid adding non-fatal API errors as incomplete reason in general
* Avoid misleading errors about the websocket connection

- Update to version 5.1750081859.24dae152:
* Bump eslint from 9.28.0 to 9.29.0
* Document where docs/images/openqa-in-5-minutes.webm comes from
* Fix string definition to be more consistent

- initial package Changes in os-autoinst:
- Update to version 5.1782809557.0ae98f8:
* docs: document testing custom os-autoinst forks within openQA
* feat: Also output module information for wait_serial result steps
* feat: Add module name and step number to autoinst-log
* feat: Log the CASEDIR git url/hash for easy frontend access
* fix: exclude virt-firmware on older Leap ppc64
* fix: stop deepening when repo is no longer shallow

- Update to version 5.1782140090.fe34efb:
* fix: exclude virt-firmware on older Leap ppc64
* style: enforce signatures in anonymous subroutines
* fix: stop deepening when repo is no longer shallow
* ci: disable Mergify interactive queue controls in PR comments
* style(perlcritic): Add Modules::ProhibitConditionalUseStatements
* refactor: improve t/01-test_needle.t structure and style

- Update to version 5.1781797043.0fb1077:
* test: assert Level 3 pretty serial markers
* fix: fallback pretty marker console to 'sut'
* test: fix color test resilience to NO_COLOR
* fix: stop QMP wait hangs on early QEMU exits
* fix: stop autodie unlink crashes in qemu backend
* fix: cleanly recreate virtio console pipe if already exists
* fix: suppress spurious virtio console unlink warnings
* test: reliably assert pipe size adjustments

- Update to version 5.1781702821.22ced0d:
* ci: Avoid unresolvable os-autoinst-openvswitch-test package for SLE-SP7
* fix: Avoid unresolvable os-autoinst-devel-test package for SLE-SP7
* feat: expose detect_serial_marker_capability as public
* chore(mergify): adjust expectations to current OBS checks
* style(perlcritic): Add BuiltinFunctions::RequireBlockGrep

- Update to version 5.1781620242.0160257:
* fix: Fix comment about OVMF firmware locations
* fix(test): fix Test::More precedence in autotest
* git subrepo pull (merge) --force external/os-autoinst-common
* feat: Avoid silent fallback to MS certs with `UEFI_PFLASH_CERTS`
* fix: Fix enrolling cert in UEFI firmware vars for SecureBoot

- Update to version 5.1780506677.7bacdcd:
* test: enable pretty serial markers in full-stack test
* test: replace Core 7.2 ISO with bash-remastered version
* test: add script to remaster Core ISO with bash
* feat!: fail by default if always_rollback is not supported
* fix: Clean up the last VM disks to avoid disk image creation failure
* fix: script_run - type command and marker together on serial console
* fix: fail explicitly on test module basename collisions

- Update to version 5.1780410333.aed07e0:
* fix(test): use linuxboot_dma.bin in 18-backend-qemu.t
* feat: consolidate tidy targets into CMake
* fix: fail explicitly on test module basename collisions
* feat(mouse_drag): use the clickpoints
* test: allow to configure full-stack test output directory
* test: allow shortening long typing in full-stack tests

- Update to version 5.1780332012.6ee8da2:
* chore(AGENTS.md): phrase tidying as mandatory
* feat(mouse_drag): use the clickpoints
* test: allow to configure full-stack test output directory
* test: allow shortening long typing in full-stack tests
* chore: video_stream: accept ustreamer version 8

- Update to version 5.1779973703.70686ac:
* ci: Use CI container in fullstack test as well
* feat: Log details about relevant port if cmd srv cannot be started
* refactor: Move function to get port details to OS utils
* refactor: Use Feature::Compat::Try consistently
* perf: use sourcing for efficient pretty serial marker activation
* fix: Fix condition for devel/deps packages
* feat: use efficient OA_NO_MARKER skip flag for pretty serial markers
* refactor: use __oa_prompt shell function for pretty serial markers
* feat: warn on manual serial terminal redirection in script_run

- Update to version 5.1779461317.d4fb5bd:
* refactor: Use Feature::Compat::Try consistently
* perf: use sourcing for efficient pretty serial marker activation
* fix: Fix condition for devel/deps packages
* fix: Fix condition for Lua support
* ci: Build packages for SLE 15 SP7 instead of SP6 which reached EOL
* ci: Remove package builds for Leap 15.6 as it reached EOL
* feat: use efficient OA_NO_MARKER skip flag for pretty serial markers

- Update to version 5.1778246511.7a6bac3:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* style: unify copyright headers by dropping years

- Update to version 5.1778097909.35320dd:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* style: unify copyright headers by dropping years

- Update to version 5.1778069368.c751b82:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* fix: re-install serial marker hook after console reset

- Update to version 5.1777891128.f572829:
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* fix: re-install serial marker hook after console reset
* fix: support pretty_serial_markers in script_output regex
* fix(test): handle D-Bus AccessDenied in Open vSwitch test

- Update to version 5.1777537682.913fce0:
* fix: re-install serial marker hook after console reset
* fix: support pretty_serial_markers in script_output regex
* feat: disable storage check in CI environments
* fix(test): handle D-Bus AccessDenied in Open vSwitch test
* fix: Avoid restarting openvswitch/NM after OVS bridge setup
* refactor: import IO::Socket::UNIX explicitly wherever is used

- Update to version 5.1776943886.0619ca6:
* feat: add absolute storage threshold to prevent over-conservative
aborts
* style: Enforce ProhibitNegativeExpressionsInUnlessAndUntilConditions
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitStringySplit
* style: Enforce perlcritic policy BuiltinFunctions::RequireBlockMap
* git subrepo pull (merge) --force external/os-autoinst-common
* chore(mergify): Update required number of successful checks

- Update to version 5.1776765124.5d91657:
* feat: fail explicitly if always_rollback is not supported
* feat: add unique hash to pretty serial markers
* feat: include executed command in step details and serial markers
* docs: explain assert_screen semantics with multiple tags
* feat(debugviewer): Move to /usr/lib
* feat(snd2png): Move to /usr/lib
* feat: Prefer modules in CASEDIR/lib over test module paths

- Update to version 5.1776179508.bd2644d:
* feat: abort test with incomplete if requested HDD size > threshold
* chore: Remove obsolete HashKeyQuotes module
* chore(deps): Remove obsolete Freenode::StrictWarnings policy
* fix(manpages): Fix the output of pod2man
* chore(ci): bump checkout v4->v6

- Update to version 5.1776074266.6a6c5ee:
* fix(manpages): Fix the output of pod2man
* fix(t/08-autotest.t): Fix FTBFS for reproducible builds
* chore(ci): bump checkout v4->v6
* fix: prevent deprecation warning about "spurt"
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe
* refactor: early returns in _detect_serial_marker_capability

- Update to version 5.1775932217.bd11042:
* fix: prevent deprecation warning about "spurt"
* feat(edid): Add virtio-vga-gl support
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe

- Update to version 5.1775744546.1ee50c6:
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe
* refactor: early returns in _detect_serial_marker_capability
* fix(consoles): support newer x3270 versions
* refactor: unconditionally import LLM analysis to fix coverage
* feat(llm): integrate LLM analysis into isotovideo
* feat(llm): add core LLM failure analysis module and tests

- Update to version 5.1775569433.3681116:
* fix(consoles): support newer x3270 versions
* refactor: unconditionally import LLM analysis to fix coverage
* feat(llm): integrate LLM analysis into isotovideo
* feat(llm): add core LLM failure analysis module and tests
* fix(t/34-git): make test resilient to default branch name changes
* chore(AGENTS.md): extend with better proactive style following

- Update to version 5.1774620706.b22e21b:
* feat: Add option to add signatures
* style: Add tool to add Mojo::Base include automatically
* test: Add CoverageWorkaround.pm
* test: Use Syntax::Keyword::Try::Deparse to avoid warnings
* chore: Reduce permissions of remaining workflow
* test: skip t/ files in Test::Compile syntax check
* refactor: Deduplicate svirt tests in t/22-svirt.t

- Update to version 5.1774551362.dd2a78c:
* feat(svirt): add "stop_vm" in consoles::sshVirtsh
* feat: correct isotovideo handle_shutdown log calls
* refactor(consoles/sshVirtsh): properly concatenate remote_vmm
* feat(svirt): retry disk create also in case of copy-img
* chore: Reduce permissions of workflows
* feat(VNC): Add AltGr key

- Update to version 5.1774435114.41aff24:
* style: Remove superfluous use of strict
* git subrepo pull (merge) --force external/os-autoinst-common
* Revert "style: Remove local Perl::Critic::Policy::HashKeyQuotes"
* style: Remove local Perl::Critic::Policy::HashKeyQuotes
* style: Add xt/02-perlcritic.t
* style: Fix Community::WhileDiamondDefaultAssignment
* style: Fix various no strict / no critic violations
* style: Fix OpenQA::HashKeyQuotes
* style: Fix OpenQA::SpaceAfterSubroutineName
* style: Fix ProhibitConditionalDeclarations
* style: Disable OpenQA::RedundantStrictWarning temporarily

- Update to version 5.1774283485.5af53fe:
* Revert "style: Remove local Perl::Critic::Policy::HashKeyQuotes"
* style: Remove local Perl::Critic::Policy::HashKeyQuotes
* style: Add xt/02-perlcritic.t
* style: Fix Community::WhileDiamondDefaultAssignment
* fix(ci): correct import of commit-message-checker
* style: Fix various no strict / no critic violations
* style: Fix OpenQA::HashKeyQuotes

- Update to version 5.1774101470.e82b4cb:
* feat: implement 'always_run' test flag
* refactor: use gitlint from os-autoinst-common
* git subrepo pull (merge) --force external/os-autoinst-common
* feat(snd2png): restore erroneously deleted test
* style: fix copyright in crop.py
* chore: remove unused pyproject line
* chore(deps): Add PPI to development dependencies
* chore(snd2png): update test.png.md5.original based on current snd2png
* test(full-stack): optimize execution time by reducing timeouts
* feat(vnc): make connection retry sleep configurable
* feat: add configurable secret key hiding support

- Update to version 5.1773429030.ba0de6e:
* fix: Correct number of internal test_count
* chore(AGENTS.md): add customized file
* chore(deps): add perl-Test-Perl-Critic dependency for parallel
execution
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* docs: convert doc/backend_vars.asciidoc to Markdown
* docs: convert README.asciidoc to Markdown
* docs: convert doc/memorydumps.asciidoc to Markdown
* feat: add gitlint pre-commit setup

- Update to version 5.1773327169.ae7c574:
* chore(AGENTS.md): add customized file
* chore(deps): add perl-Test-Perl-Critic dependency for parallel
execution
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* docs: convert doc/backend_vars.asciidoc to Markdown
* docs: convert README.asciidoc to Markdown
* docs: convert doc/memorydumps.asciidoc to Markdown
* feat: add gitlint pre-commit setup

- Update to version 5.1773245056.43fc8f0:
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* fix: restore author tests in CI and optimize git message check
* docs: convert doc/backend_vars.asciidoc to Markdown

- Update to version 5.1773054031.9ab699d:
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* fix: restore author tests in CI and optimize git message check
* refactor: move scheduling rules out of basetest::is_applicable

- Update to version 5.1772729929.93a4b15:
* feat: normalize gre tunnel script for NetworkManager and wicked
* refactor: use more Mojo::File operations in commands.pm
* refactor: use more Mojo::File operations in bmwqemu.pm
* refactor: use more Mojo::File operations in t/
* refactor: move scheduling rules out of basetest::is_applicable
* feat: add EXIT_AFTER_MODULE to stop after a specified module

- Update to version 5.1772663930.9a9bd7d:
* feat: add EXIT_AFTER_MODULE to stop after a specified module
* fix: Update gre_tunnel_preup script to support NetworkManager
* feat: Handle timeout when typing command in `background_script_run`
* feat: Allow opting-out of check when typing command in `script_run`
* feat: Handle timeout when typing command in `script_run`
* test: implement conventional commits check with gitlint

- Update to version 5.1772097392.f4e2912:
* fix: Update gre_tunnel_preup script to support NetworkManager
* build(Makefile): add top-level help target
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common

- Update to version 5.1771958644.63a1790:
* build(Makefile): add top-level help target
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* parse_extra_log: Allow passing additional args to upload_logs

- Update to version 5.1771858186.01b8328:
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output

- Update to version 5.1771520411.2601197:
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs

- Update to version 5.1771353921.c8005c9:
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs
* refactor: Distinguish tests by the script path in `loadtest`
* refactor: Simplify approach for avoiding redefine warnings

- Update to version 5.1770715824.6a80a85:
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs
* refactor: Distinguish tests by the script path in `loadtest`
* refactor: Simplify approach for avoiding redefine warnings
* test: Allow running tests with `Test::Warningsparse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* setup-multi-machine: extend network service detection

- Update to version 5.1753993900.1487e47:
* backend: Use tpm-tis-device for TPM as default
* Require openssh-clients for git clone with ssh
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing

- Update to version 5.1753467593.10e57cf:
* Require openssh-clients for git clone with ssh
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing
* setup-multi-machine: extend network service detection
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules

- Update to version 5.1752671185.6fc0c66:
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks

- Update to version 5.1752576096.2a4e8ff:
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules

- Update to version 5.1752222511.9791c75:
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0

- Update to version 5.1751897761.d55ec72:
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness

- Update to version 5.1751470028.ff900af:
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue

- Update to version 5.1751292366.cb60853:
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness

- Update to version 5.1750841733.3fc0bf7:
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
* VMWare-related code made compatible with non-GNU ps

- Update to version 5.1750149141.e9a7b3a:
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps

- Update to version 5.1750077297.e0e64ba:
* generalhw: fix is_shutdown signature
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps
* Fix error from stricter Git permission checks when checking repo URL
* VMware new routine provide_image_vmware_in_ds
* ci: Remove workaround for Devel::Cover
* Require Inline::Lua
* Add support for lua test modules
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build
* Add dependency perl-Test-CheckGitStatus

- Update to version 5.1749816802.bfdf10e:
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps
* Fix error from stricter Git permission checks when checking repo URL
* generalhw: implement is_shutdown
* doc: Fix casing in GENERAL_HW_* descriptions

- Update to version 5.1749203452.c6860a3:
* generalhw: implement is_shutdown
* doc: Fix casing in GENERAL_HW_* descriptions
* VMware new routine provide_image_vmware_in_ds
* ci: Remove workaround for Devel::Cover
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build
* Add dependency perl-Test-CheckGitStatus
* t: Catch output in 23-baseclass.t
* ci: Ensure 100% coverage without threshold
* Fix coverage for package statements
* Create link to the common prove_wrapper
* Sync os-autoinst-common with the subrepo external/os-autoinst-common
* Handle unhandled output from qemu and openvswitch tests
* Mitigate perl version mismatch on test case
* Try to increase pipe size for external video encoder
* Avoid warning about uninitialized value
* video_stream: add RGBBGR swapping support
* t: fix frame format used in video_stream
* video_stream: use ustreamer --persistent
* tinycv: scale starting search position if size is different
* Avoid sporadic test failures of fullstack test
* Wrap prove to prevent unhandled output

- Update to version 5.1748859519.44e4a9e:
* ci: Remove workaround for Devel::Cover
* Require Inline::Lua
* Add support for lua test modules
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build

- Update to version 5.1747913329.a855b3a:
* t: Catch output in 23-baseclass.t
* ci: Ensure 100% coverage without threshold
* Fix coverage for package statements
* Create link to the common prove_wrapper
* Sync os-autoinst-common with the subrepo external/os-autoinst-common
* Try to increase pipe size for external video encoder
* Avoid warning about uninitialized value
* video_stream: add RGBBGR swapping support
* t: fix frame format used in video_stream
* video_stream: use ustreamer --persistent
* tinycv: scale starting search position if size is different
* Avoid sporadic test failures of fullstack test

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-235=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

openQA-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-auto-update-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-bootstrap-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-bash-completion-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-zsh-completion-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-common-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-continuous-update-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-doc-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-llm-server-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-local-db-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-mcp-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-munin-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-python-scripts-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-single-instance-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-single-instance-nginx-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-worker-5.1782486535.1bf71ec4-bp157.2.9.1
os-autoinst-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-debuginfo-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-debugsource-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-openvswitch-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-swtpm-5.1782809557.0ae98f8-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (x86_64):

os-autoinst-qemu-kvm-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-qemu-x86-5.1782809557.0ae98f8-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-25547.html
https://bugzilla.suse.com/1244139
https://bugzilla.suse.com/1245378
https://bugzilla.suse.com/1245379
https://bugzilla.suse.com/1257852
https://bugzilla.suse.com/1258632
https://bugzilla.suse.com/1259005
https://bugzilla.suse.com/1264376



openSUSE-SU-2026:0237-1: moderate: Security update for transmission


openSUSE Security Update: Security update for transmission
_______________________________

Announcement ID: openSUSE-SU-2026:0237-1
Rating: moderate
References: #1267404
Cross-References: CVE-2026-38978
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for transmission fixes the following issues:

- CVE-2026-38978: add clickjack safeguards when serving http responses
(boo#1267404).

- Update to 4.0.6:
+ Improved parsing HTTP tracker announce response. (#6223)
+ Fixed 4.0.0 bug that caused some user scripts to have an invalid
TR_TORRENT_TRACKERS environment variable. (#6434)
+ Fixed 4.0.0 bug where alt-speed-enabled had no effect in
settings.json. (#6483)
+ Fixed 4.0.0 bug where the GTK client's "Use authentication"
option was not saved between's sessions. (#6514)
+ Fixed 4.0.0 bug where the filename for single-file torrents aren't
sanitized. (#6846)
+ Fixed 4.0.0 bug where piece size description text and slider state in
torrent creation dialog are not always up-to-date.
+ Fixed build when compiling with GTKMM 4. (#6393)
+ Added the launchable desktop-id to metainfo files. (#6779)
+ Fixed build when compiling on BSD. (#6812)
+ Fixed a 4.0.0 bug where the infinite ratio symbol was displayed
incorrectly in the WebUI. (#6491, #6500)
+ Fixed layout issue in speed display. (#6570)
+ General UI improvement related to filterbar and fixes download/upload
speed info wrap. (#6761)
+ Fixed a couple of logging issues. (#6463)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-237=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

transmission-4.0.6-bp157.2.3.1
transmission-daemon-4.0.6-bp157.2.3.1
transmission-gtk-4.0.6-bp157.2.3.1
transmission-qt-4.0.6-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

system-user-transmission-4.0.6-bp157.2.3.1
transmission-common-4.0.6-bp157.2.3.1
transmission-gtk-lang-4.0.6-bp157.2.3.1
transmission-qt-lang-4.0.6-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-38978.html
https://bugzilla.suse.com/1267404



SUSE-SU-2026:2809-1: moderate: Security update for systemd


# Security update for systemd

Announcement ID: SUSE-SU-2026:2809-1
Release Date: 2026-07-09T06:08:36Z
Rating: moderate
References:

* bsc#1261400
* bsc#1261982
* bsc#1261983
* bsc#1267647

Cross-References:

* CVE-2026-40226

CVSS scores:

* CVE-2026-40226 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40226 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40226 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has three security fixes can now be
installed.

## Description:

This update for systemd fixes the following issue

Security issues fixed:

* CVE-2026-40226: nspawn: escape-to-host via malformed optional config file
(bsc#1261400).

Other updates and bugfixes:

* Import commit 37508f8ec1 (bsc#1267647).
* Import commit c7530fbea3 (bsc#1261982 bsc#1261983).
* Import commit 5c4ed461a7 (bsc#1261982).
* Import commit 4b963df038 (bsc#1261983).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2809=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2809=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2809=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2809=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2809=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2809=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-mini-doc-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* libudev-mini1-249.17-150400.8.64.1
* nss-systemd-249.17-150400.8.64.1
* systemd-mini-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-mini-debuginfo-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libudev-mini1-debuginfo-249.17-150400.8.64.1
* systemd-portable-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libsystemd0-mini-debuginfo-249.17-150400.8.64.1
* systemd-experimental-249.17-150400.8.64.1
* systemd-testsuite-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-mini-devel-249.17-150400.8.64.1
* systemd-coredump-debuginfo-249.17-150400.8.64.1
* systemd-mini-container-debuginfo-249.17-150400.8.64.1
* systemd-network-debuginfo-249.17-150400.8.64.1
* systemd-mini-debuginfo-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* systemd-devel-249.17-150400.8.64.1
* nss-systemd-debuginfo-249.17-150400.8.64.1
* systemd-experimental-debuginfo-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* udev-mini-249.17-150400.8.64.1
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* systemd-testsuite-debuginfo-249.17-150400.8.64.1
* systemd-mini-debugsource-249.17-150400.8.64.1
* systemd-mini-sysvinit-249.17-150400.8.64.1
* systemd-coredump-249.17-150400.8.64.1
* nss-myhostname-249.17-150400.8.64.1
* systemd-doc-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-mini-container-249.17-150400.8.64.1
* nss-myhostname-debuginfo-249.17-150400.8.64.1
* systemd-portable-debuginfo-249.17-150400.8.64.1
* libsystemd0-mini-249.17-150400.8.64.1
* systemd-network-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* openSUSE Leap 15.4 (x86_64)
* nss-myhostname-32bit-debuginfo-249.17-150400.8.64.1
* libudev1-32bit-249.17-150400.8.64.1
* libudev1-32bit-debuginfo-249.17-150400.8.64.1
* nss-myhostname-32bit-249.17-150400.8.64.1
* systemd-32bit-249.17-150400.8.64.1
* systemd-32bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-32bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-32bit-249.17-150400.8.64.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* nss-myhostname-64bit-debuginfo-249.17-150400.8.64.1
* systemd-64bit-debuginfo-249.17-150400.8.64.1
* libudev1-64bit-249.17-150400.8.64.1
* systemd-64bit-249.17-150400.8.64.1
* nss-myhostname-64bit-249.17-150400.8.64.1
* libudev1-64bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-64bit-249.17-150400.8.64.1
* libsystemd0-64bit-debuginfo-249.17-150400.8.64.1
* openSUSE Leap 15.4 (noarch)
* systemd-lang-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40226.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261400
* https://bugzilla.suse.com/show_bug.cgi?id=1261982
* https://bugzilla.suse.com/show_bug.cgi?id=1261983
* https://bugzilla.suse.com/show_bug.cgi?id=1267647



SUSE-SU-2026:2810-1: moderate: Security update for glib-networking


# Security update for glib-networking

Announcement ID: SUSE-SU-2026:2810-1
Release Date: 2026-07-09T06:14:47Z
Rating: moderate
References:

* bsc#1267979

Cross-References:

* CVE-2026-10028

CVSS scores:

* CVE-2026-10028 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-10028 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-10028 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for glib-networking fixes the following issue

* CVE-2026-10028: two certificates which are each signed by the other can lead
to an infinite loop (bsc#1267979).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2810=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2810=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2810=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2810=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2810=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2810=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* glib-networking-64bit-2.70.1-150400.3.3.1
* glib-networking-64bit-debuginfo-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* glib-networking-32bit-debuginfo-2.70.1-150400.3.3.1
* glib-networking-32bit-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* glib-networking-lang-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10028.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267979



SUSE-SU-2026:2811-1: important: Security update for python-maturin


# Security update for python-maturin

Announcement ID: SUSE-SU-2026:2811-1
Release Date: 2026-07-09T06:25:49Z
Rating: important
References:

* bsc#1270208
* bsc#1270515
* bsc#1270620
* bsc#1270706
* bsc#1270772
* bsc#1270801
* bsc#1270936
* bsc#1270994

Cross-References:

* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784

CVSS scores:

* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for python-maturin fixes the following issues

* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270208).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length (bsc#1270620).
* CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds
assertion in `aes::unwrap_key()` (bsc#1270706).
* CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller
buffer with no length check (bsc#1270772).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory to the network
(bsc#1270801).
* CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders`
for certificates with non-UTF-8 OCSP URLs (bsc#1270515).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding due to incorrectly sized output buffers (bsc#1270936).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to
incorrectly sized output buffer (bsc#1270994).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2811=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* python311-maturin-1.4.0-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270208
* https://bugzilla.suse.com/show_bug.cgi?id=1270515
* https://bugzilla.suse.com/show_bug.cgi?id=1270620
* https://bugzilla.suse.com/show_bug.cgi?id=1270706
* https://bugzilla.suse.com/show_bug.cgi?id=1270772
* https://bugzilla.suse.com/show_bug.cgi?id=1270801
* https://bugzilla.suse.com/show_bug.cgi?id=1270936
* https://bugzilla.suse.com/show_bug.cgi?id=1270994



openSUSE-SU-2026:11213-1: moderate: dirmngr-2.5.21-1.1 on GA media


# dirmngr-2.5.21-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11213-1
Rating: moderate

Cross-References:

* CVE-2026-57062

CVSS scores:

* CVE-2026-57062 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-57062 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the dirmngr-2.5.21-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* dirmngr 2.5.21-1.1
* gpg2 2.5.21-1.1
* gpg2-lang 2.5.21-1.1
* gpg2-tpm 2.5.21-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-57062.html



openSUSE-SU-2026:11212-1: moderate: go1.25-1.25.12-1.1 on GA media


# go1.25-1.25.12-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11212-1
Rating: moderate

Cross-References:

* CVE-2026-39822
* CVE-2026-42505

CVSS scores:

* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the go1.25-1.25.12-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* go1.25 1.25.12-1.1
* go1.25-doc 1.25.12-1.1
* go1.25-race 1.25.12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42505.html



openSUSE-SU-2026:11214-1: moderate: kernel-devel-7.1.3-1.1 on GA media


# kernel-devel-7.1.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11214-1
Rating: moderate

Cross-References:

* CVE-2026-53359
* CVE-2026-53362

CVSS scores:

* CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53359 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kernel-devel-7.1.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kernel-devel 7.1.3-1.1
* kernel-macros 7.1.3-1.1
* kernel-source 7.1.3-1.1
* kernel-source-vanilla 7.1.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-53359.html
* https://www.suse.com/security/cve/CVE-2026-53362.html



openSUSE-SU-2026:11211-1: moderate: fluidsynth-2.5.6-1.1 on GA media


# fluidsynth-2.5.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11211-1
Rating: moderate

Cross-References:

* CVE-2026-58264

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the fluidsynth-2.5.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* fluidsynth 2.5.6-1.1
* fluidsynth-devel 2.5.6-1.1
* libfluidsynth3 2.5.6-1.1
* libfluidsynth3-32bit 2.5.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-58264.html



openSUSE-SU-2026:11206-1: moderate: sccache-0.16.0~0-2.1 on GA media


# sccache-0.16.0~0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11206-1
Rating: moderate

Cross-References:

* CVE-2026-41676

CVSS scores:

* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the sccache-0.16.0~0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* sccache 0.16.0~0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html



openSUSE-SU-2026:11205-1: moderate: rustup-1.28.2~0-4.1 on GA media


# rustup-1.28.2~0-4.1 on GA media

Announcement ID: openSUSE-SU-2026:11205-1
Rating: moderate

Cross-References:

* CVE-2026-41676

CVSS scores:

* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rustup-1.28.2~0-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rustup 1.28.2~0-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html



openSUSE-SU-2026:11210-1: moderate: cargo-c-0.10.23-1.1 on GA media


# cargo-c-0.10.23-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11210-1
Rating: moderate

Cross-References:

* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784

CVSS scores:

* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 8 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cargo-c 0.10.23-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html