SUSE-SU-2026:2803-1: important: Security update for dracut
openSUSE-SU-2026:0235-1: moderate: Security update for openQA, os-autoinst
openSUSE-SU-2026:0237-1: moderate: Security update for transmission
SUSE-SU-2026:2809-1: moderate: Security update for systemd
SUSE-SU-2026:2810-1: moderate: Security update for glib-networking
SUSE-SU-2026:2811-1: important: Security update for python-maturin
openSUSE-SU-2026:11213-1: moderate: dirmngr-2.5.21-1.1 on GA media
openSUSE-SU-2026:11212-1: moderate: go1.25-1.25.12-1.1 on GA media
openSUSE-SU-2026:11214-1: moderate: kernel-devel-7.1.3-1.1 on GA media
openSUSE-SU-2026:11211-1: moderate: fluidsynth-2.5.6-1.1 on GA media
openSUSE-SU-2026:11206-1: moderate: sccache-0.16.0~0-2.1 on GA media
openSUSE-SU-2026:11205-1: moderate: rustup-1.28.2~0-4.1 on GA media
openSUSE-SU-2026:11210-1: moderate: cargo-c-0.10.23-1.1 on GA media
SUSE-SU-2026:2803-1: important: Security update for dracut
# Security update for dracut
Announcement ID: SUSE-SU-2026:2803-1
Release Date: 2026-07-08T19:31:32Z
Rating: important
References:
* bsc#1268322
Cross-References:
* CVE-2026-6893
CVSS scores:
* CVE-2026-6893 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6893 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6893 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for dracut fixes the following issue
* CVE-2026-6893: Root code execution via DHCP options command injection
(bsc#1268322).
Changes for dracut:
* Update to version 059+suse.565.g682306ec5:
* fix(network-legacy): sanitize DHCP values in dhclient-script.sh
(bsc#1268322, CVE-2026-6893)
* fix(network-legacy): add input validation to RFC 3442 route parser
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2803=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2803=1
* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2803=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2803=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* dracut-tools-059+suse.565.g682306ec5-150600.3.29.1
* dracut-extra-059+suse.565.g682306ec5-150600.3.29.1
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1
* dracut-mkinitrd-deprecated-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (ppc64le x86_64)
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-mkinitrd-deprecated-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* dracut-ima-059+suse.565.g682306ec5-150600.3.29.1
* dracut-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debuginfo-059+suse.565.g682306ec5-150600.3.29.1
* dracut-debugsource-059+suse.565.g682306ec5-150600.3.29.1
* dracut-fips-059+suse.565.g682306ec5-150600.3.29.1
## References:
* https://www.suse.com/security/cve/CVE-2026-6893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268322
openSUSE-SU-2026:0235-1: moderate: Security update for openQA, os-autoinst
openSUSE Security Update: Security update for openQA, os-autoinst
_______________________________
Announcement ID: openSUSE-SU-2026:0235-1
Rating: moderate
References: #1244139 #1245378 #1245379 #1257852 #1258632
#1259005 #1264376
Cross-References: CVE-2026-25547
CVSS scores:
CVE-2026-25547 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for openQA, os-autoinst fixes the following issues:
Changes in openQA:
- Update to version 5.1782486535.1bf71ec4:
* fix(details view): Align video link the same as the bugref actions
* fix: Correct call to console.error
- Update to version 5.1782295118.57cb8aa0:
* chore(deps): Dependency cron 2026-06-24
* feat: Don't rewrite history for test result tabs
* chore(deps): Dependency cron 2026-06-23
- Update to version 5.1782133597.39cd80e0:
* refactor: Calculate module category headings in frontend
* chore(deps): Dependency cron 2026-06-20
* test: Make parallel execution of the fullstack test more reliable
* ci: disable Mergify interactive queue controls in PR comments
* feat(worker): enable direct execution with podman
* fix(worker): add --init and --rm flags for containerized engine
* feat(worker): support containerized os-autoinst worker engine
* test: refactor archive download tests for maintainability
* feat: implement category-specific ZIP downloads for jobs
* chore(deps): Dependency cron 2026-06-19
- Update to version 5.1781832185.5ddf5343:
* fix: fix user namespace mapping errors in podman
* chore(mergify): Update the number of required checks
* fix: use webui cache for download all archives
* chore(deps): Dependency cron 2026-06-18
* refactor: Extract changing prio and computing sign
* fix: Fix typos in `t/api/04-jobs.t` and `t/config.t`
* feat: Throttle jobs not using Git-URL as `CASEDIR`
* ci: Change repo paths for SLE-15-SP7 in consistency with os-autoinst
* fix: Avoid unresolvable openQA-devel-test package for SLE-SP7
* feat: improve detection of unexpanded variables in clone-job
* feat: support expanding variables in openqa-clone-job
- Update to version 5.1781712973.4c20e5c1:
* test: make search API tests robust
* fix: resolve openqa-llm-server crash on startup
* chore(deps): Dependency cron 2026-06-17
* feat: Improve job archive generation efficiency and UI
* feat: Efficiently serve job archives via web server redirect
* feat: Add 'Download All' ZIP archive button to job downloads page
- Update to version 5.1781621316.6d025b35:
* refactor: set clean monikers for Mojo services
* feat: use encrypted session cookies
* chore(deps): Dependency cron 2026-06-13
* docs: Mention how to enable UEFI and recently added variables
* docs: fix broken badge syntax in README.md
* feat(apparmor): add current worker profile as generated by aa-logprof
* feat(apparmor): add current worker requirements in /proc and /sys
* chore(deps): Dependency cron 2026-06-12
* git subrepo pull (merge) external/os-autoinst-common
* docs: Fix wrapping in "Job Priority Throttling" section
* fix(apparmor): Allow worker profile to use virt-fw-vars
* fix(livelog): Prevent timeouts due to nginx buffering
* fix: avoid initial delay when replying from livestream
* chore(deps): Dependency cron 2026-06-10
* chore(deps): Dependency cron 2026-06-09
* test: Skip earlier in tests_dependencies.t
* fix: Use reload-or-restart for openQA auto restart worker slots
* fix: Update codecov orb to latest version 6.0.0 fixing PGP error
* chore(deps): Dependency cron 2026-06-06
* fix: Support invent.kde.org and 'work_items' in bug URL handling
* ci(mergify): prevent annoying conflict messages
* docs: Rewrite medium version globbing in more user-facing style
* docs: Mention globbing in "Spawning multiple jobs ???" and "Medium
types"
* feat(scheduling): Allow globbing in version specifications
* fix: Set correct settings for scheduling example test
* refactor: Fix comment regarding `test_preset` INI section
- Update to version 5.1780561853.63760953:
* fix(rpm): eliminate systemd on-disk warnings during worker upgrade
* chore(deps): Dependency cron 2026-06-04
* ci: Run OBS scm checks only for master branch
* fix(systemd): activate inactive workers and reload active ones safely
* chore(deps): Dependency cron 2026-06-03
* test(full-stack): remove redundant ISO size check to be flexible
- Update to version 5.1780410522.ad58d974:
* feat(tests): enable parallel-safe fullstack and developer mode tests
* fix: ignore transient 'database is locked' errors in cache service
* git subrepo pull (merge) --force external/os-autoinst-common
* Revert "fix: avoid permission denied on cgroup creation for v2"
* feat: add run-test-env target to start all local services
* fix: add functional API keys for local test environment
* fix: use absolute paths for local test environment
* feat: Improve CLI retry error feedback with detailed messages
* fix: avoid permission denied on cgroup creation for v2
* ci: Auto-import keys to avoid interactive prompt for devel_openQA
* docs: require atomic commits in agent guidelines
* fix: include file paths in worker logging errors
* chore(AGENTS.md): add rules for ensuring valid commits
* fix: only report job limit in UI when globally reached
* docs: Clarify wording in "Spawning multiple jobs ???"
* docs: Fix wrapping in "Medium Types" section
* docs: Fix wrapping and use of blank lines in "Spawning multiple jobs
???"
- Update to version 5.1780322162.c1836389:
* refactor: Use more readable regex in `process-docs`
* refactor: Turn `process-docs` into proper style-checked Perl script
* feat: Add Makefile target to tidy Shell code
* docs: Fix links in documentation generated via `generate-docs`
* fix(openqa-clone-job): Allow empty API key/secret for auth.method=None
* fix(spec): Supplement bash-completion subpackage against
bash-completion
* docs: Fix broken list under "Further systemd ???" and wrap consistently
* docs: Fix example config for `git_auto_commit`
* docs: Wrap lines consistently under "Terms and variables ???"
* docs: Fix wrapping in "Triggering tests ???" section and below
* docs: Remove Git conflict markers that were missed by b51c609679
* feat: watch worker auto-restart systemd drop-ins for reloads
- Update to version 5.1779808735.8c9bd805:
* docs: Fix link to "Conducting tests" section
* refactor: Use Feature::Compat::Try consistently
* ci: Build packages for SLE 15 SP7 instead of SP6 which reached EOL
* ci: Remove package builds for Leap 15.6 as it reached EOL
* fix: make TESTS selection work again (regression from cd76f31f3)
* feat: add Nginx proxy template for local LLM load balancing
* feat: add openQA-llm-server sub-package for local LLM support
* feat(pyproject): Streamline summary with spec file
* fix: Fix wording in summary of rpm package
* feat: Apply formatting of Python code also to documentation snippets
* feat: Change `openqa-label-all` to satisfy ruff checks
* test: Add target to run format Python code
* test: Add targets to run static Python checks
* feat: Add `pyproject.toml` as in other repositories
* feat(needle-editor): Validate that there is at least one match area
* docs: Reference "Asset handling" section directly
* fix: Fix some wrong uses of "check out"
* docs: Fix broken references in further places
* docs: Fix wrapping in section about importing production data
* docs: Fix broken references in several documentation files
* test(isos post): Assert behavior when specifying parameters twice
* refactor(isos post): Use `$validation` consistently
* fix(spec): add RPM Group tag to all subpackages
* style: Include core perlcritic rules as well
* fix: resolve 'Too many open files' by clearing AssetPack FD cache
* fix: work around DBD::Pg bug regarding INSERT ON CONFLICT row count
* refactor: Remove superfluous Test::MockModule instance
* refactor: Use a hash instead of string eval
* refactor: Use Syntax::Keyword::Try instead of eval
* style: Enforce perlcritic policies regarding eval
* fix: allow worker to start without API keys
* refactor: Split scheduler tests to avoid failing complexity check
* feat: Distinguish parallel jobs in info when cluster cannot be assigned
* fix: Reword misleading message about "incomplete parallel cluster"
* fix(docs): remove zero-length draw.io marker file
* fix(branding): add placeholder content to empty sponsorbox template
* test: fix "Too many open files" in t/api/03-auth.t
* fix: fix security vulnerability in Auth::check and minor typo
* test: fix hmac_sha1_sum calculation in auth tests
* docs: fix typo in Auth controller
* refactor: use DEFAULT_ADMIN constant for admin username
* feat: switch bootstrap to 'None' authentication provider
* fix(packaging): avoid repeating package name in Summary
* fix(packaging): replace obsolete packageand() with boolean Supplements
* fix(build): install openqa-cli.yaml without executable bit
* style: Enforce perlcritic policy Community::EmptyReturn
* ci: Remove `perl-TAP-Harness-JUnit` from devel container again
* ci: Use distinct container introduced by f33029623
* chore: Use ` https://download.opensuse.org` consistently
* feat(worker): Pass reason to web UI when skipping job due to self-check
* feat(worker): Prevent skipping directly chained jobs due to self-checks
* fix(build): add executable bit to dbicdh migration scripts
* refactor: Remove @EXPORT and add %EXPORT_TAGS
* refactor: Move @EXPORT to @EXPORT_OK
* refactor: Remove unused var @EXPORT
* style: Add no critic
* style: Enforce perlcritic policy ProhibitAutomaticExportation
* refactor: Remove non-existing functions from export list
* feat: Require Perl::Critic >= 1.156.0
* style: Enforce perlcritic policy Subroutines::ProhibitManyArgs
* feat: support configurable secrets hiding in UI and API
* chore(deps): Dependency cron 2026-05-16
* chore(deps): Dependency cron 2026-05-15
* chore(deps): Dependency cron 2026-05-14
* refactor(create_admin): switch to Getopt::Long::Descriptive
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitUniversalIsa
* test: Prevent unhandled output after b278ab6dfd3
* style: Enforce perlcritic policy regarding open()
* ci: Add distinct container image for CI
* style: Enforce perlcritic policy Subroutines::ProhibitReturnSort
* style: Enforce perlcritic policy ProhibitReadlineInForLoop
* style: Enforce perlcritic policy Community::POSIXImports
* style: Enforce perlcritic policy ClassHierarchies::ProhibitOneArgBless
* chore(deps): Dependency cron 2026-05-13
* fix: parse URL-derived settings for cloned jobs
* style: Enforce perlcritic policy
TestingAndDebugging::ProhibitNoWarnings
* ci(dependabot): apply deps update cooldown to prevent PR fatigue
* refactor: Improve global variables in SeleniumTest
* style: Enforce perlcritic policy Variables::ProhibitPackageVars
* style: Enforce perlcritic policy Community::ConditionalImplicitReturn
* test: Add `python3-ruff` for static checks of Python scripts
* style: Enforce perlcritic policy CodeLayout::ProhibitHardTabs
* test(worker-engine): Cover all lines of `set_engine_exec`
* chore(ci): Avoid running into authenticity error
* chore(ci): Allow running caching jobs in parallel
* chore(ci): Log installed rpm packages after removing explicit tracking
* chore(ci): Simplify CI runtime using devel container image
* chore(Makefile): Avoid depending on the `which` utility
* fix(apparmor): allow /usr/bin/getopt needed for os-autoinst-scripts
* style: Enforce perlcritic policy ProhibitConditionalUseStatements
* style: Enforce perlcritic policy Subroutines::ProhibitExcessComplexity
* style: enforce perlcritic policy ProhibitCascadingIfElse
* perf(cleanup): replace N+1 per-group queries with single batch query
* style: Enforce perlcritic ProhibitQuotesAsQuotelikeOperatorDelimiters
* style: Enforce perlcritic policy RequirePackageMatchesPodName
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitUselessTopic
* feat(api): filter job statistics by group globs
* test: stabilize test_containers_compose
* test: use IfNotPresent pull policy for postgres init container
* fix(tools): handle pandoc TeX math misinterpretation in API docs
* fix(docs): link to the correct cleanup section
* style: Enforce perlcritic policy Miscellanea::ProhibitUselessNoCritic
* style: Rewrite some for loops in foreach style
* style: Enforce erlcritic policy Modules::ProhibitExcessMainComplexity
* feat(cli): generate shell completions from openqa-cli.yaml
* fix(test overview): Bring query for "Aborted" in-line with accounting
* chore(deps): Dependency cron 2026-05-11
* ci: fix "conflicts with file" problems
* fix: update fast-uri to address security vulnerabilities (boo#1264376)
* docs: Fix wrapping in users guide after Markdown conversion
* feat: add scheduling skip reasons to the webUI
- Update to version 5.1778257070.d9915684:
* docs: show document levels in generated TOC
* feat(search): Add link to job in job modules search
* feat(test overview): Make "Job result/state" in filter form clickable
* test(test overview): Test filtering for "None"
* fix(test overview): Bring query for "None" in-line with accounting
* feat(test overview): Improve accounting for certain states
* feat(test overview): Add distinct counter/button for canceled jobs
- Update to version 5.1778239460.4b750ff3:
* feat(search): Add job id to search results response
- Update to version 5.1778134320.e889287c:
* test: simplify postgres healthcheck in docker-compose
* fix: correctly handle MOJO_CLIENT_DEBUG in Helm chart
* test: add yamale and yamllint to test_helm_chart dependencies
* test: fail early in test_helm_chart if dependencies are missing
* test: use isolated environment for helm chart tests
* test: serialize helm chart test execution
* refactor: Remove superfluous line in script usage
* style: Enforce perlcritic policy Subroutines::RequireArgUnpacking
* fix: ktap: ignore selftest status comments
* fix(apparmor): allow write to /dev/tty necessary for Leap 16
* chore(spec): Exclude devel sub package from builds for Leap < 16
* ci: Ensure all required dependencies are part of the devel container
* fix(apparmor): allow further paths for 16.x
- Update to version 5.1777995277.b985bea2:
* style: Enforce perlcritic policy Variables::ProtectPrivateVars
* fix(docs): Fix links to documentation after converting to Markdown
* docs: fix broken references to former .asciidoc files
* docs: Fix wrapping list of directories after Markdown migration
* docs: Improve documentation of `git_auto_clone` feature
* docs: Make remark about worker cache service clearer using a comma
* docs: Fix casing of Git in the section about setting up Git support
* feat: Include log in IPA results
* feat: enhance dynamic job limit with fast ramp-up
- Update to version 5.1777888278.38a3a85c:
* style: Enforce perlcritic policy ProhibitUselessTopic
* style: Enforce perlcritic policy BuiltinFunctions::RequireBlockGrep
- Update to version 5.1777617029.fd9e1e69:
* style: Enforce perlcritic policy ProhibitSingleCharAlternation
* fix(apparmor): Add jsonnet to worker profile
* style: Enforce perlcritic policy CodeLayout::ProhibitQuotedWordLists
* style: Enforce perlcritic policy RequireNumberSeparators
* build(deps-dev): bump eslint from 10.1.0 to 10.2.1
* style: Enforce perlcritic policy Variables::ProhibitUnusedVariables
* feat: Ensure temporary directory exists when caching assets
* fix(docs): fix mobile view rendering by ensuring CSS override
* chore(lint): extend stylelint to cover documentation CSS
* refactor: break down create_from_settings into smaller functions
* feat: automatically add configurable worker classes to jobs
- Update to version 5.1777474261.55e5cd5e:
* build(deps): bump postcss from 8.5.8 to 8.5.12
* fix(apparmor): adjust the /usr/bin/ssh child profile for 16.x
* fix: Fix rendering bugrefs as links in lists and other structures
* feat: use full job group name for priority check by default
* chore(AGENTS.md): refine coverage requirements
* fix(apparmor): allow worker to execute "df"
* feat: Restore styling and TOC for API documentation
* feat: add "badge" option to openqa-clone-job for markdown output
* fix(AMQP): Avoid keeping unused AMQP connections around
* test: Use more compact syntax in AMQP tests
* test: Use signatures in AMQP tests
* fix(apparmor): allow access to all Python 3 versions
* style: Add tools/ to perlcritic check
* fix(Plugin::IssueReporter): prevent erroneous "mailto" links
* perf: tweak jobs evaluated on job groups based on recent improvement
* fix: try to resolve package conflicts with zypper
* docs: Keep filenames in links for GitHub but strip them in build
* docs: fix typo in WritingTests
* fix: dynamically check pandoc support in generate-documentation
* fix: dynamically check pandoc support in generate-docs
* fix: add python3-weasyprint for build-docs
* feat(ui): Simplify warning about full storage
* feat(scheduler): Consider all relevant paths in storage space check
* docs: Polish rendering and fix conversion artifacts
* style: Enforce perlcritic policy RequireQuotedHeredocTerminator
* refactor: Reduce complexity in openqa-load-templates
* style: Enable strictures before first line of code
* style: Add script/ to perlcritic check
* docs: Mimic Asciidoctor style with custom CSS and Pandoc template
* docs: Fix broken anchors and rendering issues in generate-documentation
* docs: Post-conversion cleanup of artifacts and broken links
* docs: Switch PDF engine to weasyprint in generate-documentation
* docs: Improve glossary highlighting and remove redundant divs
* style: Remove trailing whitespace from Markdown files
* docs: Enable section numbering and clean up index.md
* feat: Convert documentation from AsciiDoc to Markdown
* git subrepo pull (merge) --force external/os-autoinst-common
* fix(t/33-developer_mode): make needle renaming robust
* fix(t/33-developer_mode): bypass storage space check
* build(deps-dev): bump prettier from 3.8.1 to 3.8.3
* build(deps): bump delaunator from 5.0.1 to 5.1.0
* fix(apparmor): adapt snd2png path to os-autoinst#2881
* feat: Throttle consistently failing test scenarios
* test: fix sporadic failure in scheduling-and-worker-scalability
* perf: optimize compute_build_results with DB-level aggregation
* feat: disable dashboard inclusion checkbox if ignored by config
* fix: remove redundant title attribute in group property editor
* refactor: Avoid duplicate access like `$details->{$nickname_field}`
* feat: Make all assignments configurable on login via OAuth2
configurable
* feat: Make assignment of fullname on login via OAuth2 configurable
* fix: Improve auth logic to support API fallback and fix CSRF handling
- Update to version 5.1776705613.1c2c8716:
* ci: ensure full statement coverage
- Update to version 5.1776681647.73d96c66:
* feat(Git): Use nickname as a fallback for fullname
* perf: Select only needed columns in _previous_scenario_jobs
* perf(IssueReporter): Cache regression_links
* feat: ignore "Investigations" job group on dashboard by default
* fix: prevent "Not enough storage" with consistent setting
* refactor: Improve code for `None` auth method
* refactor: Avoid duplicating code for OAuth2 and OpenID auth
* test: Improve OAuth2 tests
* docs: Explain the design of the OAuth2 plugin
* feat: Return to previous page after login via OAuth2
* fix: ensure priority increases for job groups with NULL description
* feat(Makefile): add convenience targets for all services
* feat: Handle deleted/altered system user more gracefully
* fix(worker): handle missing D-Bus socket gracefully
* test: Consider everything we track coverage of as covered
* test: Cover YAML validation script
* feat(cli): support lower-case test argument passing
* feat(mcp): promote endpoint from /experimental/mcp to /mcp
- Update to version 5.1776202410.3448a30a:
* feat(worker): Resolve share directory correctly for relative basedir
* fix: SQL ON CONFLICT constraints for Assets registration
* feat: allow ignoring job groups on dashboard evaluation
- Update to version 5.1776103434.91af0a8b:
* feat: expand parallel test execution in t/testrules.yml
* feat: set no expiration for "None" auth API keys
* fix: Avoid gap between caret and preview container
* refactor(upload): Move chunk size constant to constants module
* refactor(upload): Define chunk size only once
* test: Check for unhandled output by default
* git subrepo pull (merge) external/os-autoinst-common
* perf(upload): Speed up asset uploads
* feat: enable videos for all jobs again
* ci: remove redundant perl-critic GHA covered by circleCI
* ci: separate compile tests into independent job
* test: Move author tests to xt/ and separate compile checks
* fix: use Test::Warnings in 02-perlcritic
* chore(deps): Remove obsolete Freenode::StrictWarnings policy
* chore(ci): bump checkout v4->v6
* feat: implement "None" authentication provider
* feat: Prevent job assignments when running out of space by default
* fix(results_min_free_storage_space_percentage): Allow disabling with
`0`
* fix(results_min_free_storage_space_percentage): Add to `Setup.pm`
* feat: make compute_build_results faster by passing the query for jobs
* feat: optimize comment_data_for_jobs when passed a result set
- Update to version 5.1775828534.8622a781:
* refactor: Rename `results_storage_above_threshold`
* feat: Log a meaningful error message if `check_df` fails
* feat: Add separate setting for scheduler storage space check
* fix: address further XSS in admin_needle.js response loop
* fix: address XSS vulnerability in admin_needle.js handleSingleError
* fix: address further XSS vulnerabilities in admintable.js catch blocks
* fix: address XSS vulnerability in admintable.js catch block
* fix: address XSS vulnerability in ws_console.js sendAndLogCommand
* fix: address XSS vulnerability in ws_console.js logLine
* build(deps): bump lodash from 4.17.23 to 4.18.1
* fix: Calculate upload speed correctly by including milliseconds
* docs: Clarify description of `force_result_regex`
* test: Cover remaining lines of `upgradedb`
* test: Fix missing assignment in upgradedb test
* refactor: Avoid duplicating user handling in database scripts
* fix: Apply force result label correctly if `force_result_regex` is
empty
* test: Verify applying force_result label from carried over comments
* fix: Reference schema files from the installed package for helm lint
* feat: limit job results on group overview and dashboard
* build(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5
- Update to version 5.1775643384.e9cf2643:
* fix: Move Workers constants to Constants.pm
* refactor: Remove $VERSION variables from modules
* fix(apparmor): let ipmitool read enterprise-numbers
* fix(apparmor): add rules for xterm-console
* fix(apparmor): allow to start icewm
* fix(apparmor): remove unnecessary rules from x3270 profile
* test: Cover initdb
* fix(apparmor): allow x3270 to write trace files
* fix: Let worker init fail for missing working dir
* ci(mergify): prevent any unused merge queue checks
* test(43-scheduling-and-worker-scalability): automate job count
scenarios
* feat: Show possible candidates for working directory in error message
* test: Cover `t/44-scripts-create_admin.t`
* test: refactor dynamic limit tests to use table-driven approach
* fix(create_admin): Fix order of arguments in help text
* refactor(js): fix lint errors in needlediff.js
* fix(js): disable no-unassigned-vars in ESLint config
* build(deps-dev): upgrade ESLint to 10.1.0 and add missing peer deps
* build(deps-dev): bump eslint from 9.39.2 to 10.0.0
* fix(deps): bump brace-expansion from 5.0.3 to 5.0.4
* fix: avoid redundant commas in job group summary list
* fix: avoid redundant commas in job group summary list
* feat: show priority calculation tooltip on job details page
* feat: allow custom badge labels via query parameter
* feat: refine priority adjustment messages for clarity
* feat: visualize priority calculation in web UI
* feat: increase priority based on job group properties
* build(deps-dev): bump prettier from 3.6.2 to 3.8.1
* build(deps): bump anser from 2.3.2 to 2.3.5
* chore(profiles): allow web UI to read loadavg
* feat: Reduce level of "Failed ??? command" log message further
* test(clone-job): Improve checks of transaction handling
* fix(clone-job): Prevent duplicate jobs after d813ac3655
* fix(clone-job): Restore compatibility with older curl versions
* test: Debug `t/ui/27-plugin_obs_rsync_status_details.t`
* fix: cancel job icon invisible in tests list
* feat(ui): indicate number of previous job restarts in all lists
* refactor(t): use proper subtests and test labels in 10-tests_overview
* feat: Limit list of job groups in summary header box
* feat: Filter job groups in tests overview by availability of results
* chore(deps): Dependency cron 2026-03-31
* refactor(assets): remove deprecated KeyEvent usage
* docs: relocate scheduler and worker load documentation
* feat: dynamically adjust global job limit based on system load
* chore(deps): bump picomatch from 2.3.1 to 2.3.2
* build(deps-dev): bump flatted from 3.4.1 to 3.4.2
- Update to version 5.1774895777.6c2911d1:
* feat: Customizable time_limit_days
* fix: arrow navigation not working in Chrome-based browsers
* style: Remove various magic numbers
* fix: ensure cache sync creates parent directory
* feat: Improve log message when sending command to ws server fails
* refactor: Use `any` instead of `grep` in worker schema
* refactor: Avoid repeated access to `$args{command}` in worker schema
* fix(clone-job): Restore authorized asset downloads after 06bc5193d25b
* fix: restore broken label and flag icons in comments
* feat: support parallel Perl tests with PROVE_JOBS in Makefile
* fix(ui): Prevent build tag labels from rendering in all caps
* feat: replace Test::Strict with Test::Compile in compilation check
- Update to version 5.1774854217.24dbd811:
* style: Fix TestingAndDebugging::RequireUseStrict violations
* style: Fix TestingAndDebugging::ProhibitNoStrict violations
* style: Fix BuiltinFunctions::RequireBlockMap violations
* style: Use only positive conditions for unless
* style: Fix OpenQA::RedundantStrictWarning violations
* style: Fix BuiltinFunctions::ProhibitStringySplit violations
* style: Fix ProhibitInterpolationOfLiterals violations
* style: Fix CodeLayout::ProhibitParensWithBuiltins violations
* style: Run perlcritic also for t/
* chore(deps): Dependency cron 2026-03-28
* feat: complete shim-less migration to Font Awesome 6
* chore: Add dependency for extending `t/11-commands.t`
* chore: Reduce permissions of workflows
* feat: support "always_run" test flag in web UI and API
* feat(Makefile): enable heavy and fullstack tests by default locally
* feat: Retry API calls in `clone-job` like already `openqa-cli` does
* feat: migrate to timeago.js for proper jquery4 compatibility
* feat(clone-job): Retry asset downloads on transient errors
* feat(scheduler): provide visual indication of limited disk space
* feat(scheduler): provide visual indication of limited disk space
* feat(scheduler): prevent openQA depleting storage with new openQA jobs
* refactor(tests): consolidate page loads in 01-list.t
* feat: replace deprecated fork-awesome with Font Awesome 6 Free
* fix(influxdb): prevent empty tags populated to telegraf
* feat(MCP): Add MCP tool annotations
- Update to version 5.1774510397.efec10a7:
* Revert "refactor: Replace jQuery-dependent timeago with vanilla
timeago.js"
* docs(userguide): fix position of job_templates unique id
* docs(amqp): cover usage examples of amqp and slack integration
* feat: Allow resuming asset downloads with `openqa-clone-job`
* feat: migrate to timeago.js for proper jquery4 compatibility
* style: Exclude external/ directory from 01-style.t checks
* style: Fix various perlcritic violations in script/
* git subrepo pull (merge) external/os-autoinst-common
- Update to version 5.1774384552.1377209d:
* test: Add Test::Perl::Critic
* test: Consider everything under `lib/openQA/` covered
* refactor: Avoid duplicate code for making test suite name unique
* test: Consider everything under `lib/OpenQA/Scheduler/` covered
* test: Cover handling missing response from ws server when assigning
jobs
* test: Cover assigning multiple jobs to worker
* refactor: Extract functions to assign jobs in scheduler code
* refactor: Remove probably useless error handling in scheduler code
* test: Cover all cases of sorting criteria in scheduler
* test: Consider everything under `lib/OpenQA/Resource/` covered
* test: Cover remaining uncovered lines in `OpenQA::Resource::Locks`
* refactor: Simplify `unlock` function to be in-line with `lock`
* test: Cover restarting jobs with no job IDs specified
* style: Use ProhibitNegativeExpressionsInUnlessAndUntilConditions
* chore(deps): Dependency cron 2026-03-24
* chore: migrate remaining ESLint settings from legacy to flat config
* style: migrate all JavaScript consistently from var to let/const
* chore(ci): bump javascript check to node 22
- Update to version 5.1774278862.ea002efa:
* refactor: slightly simplify BuildResults
* chore(AGENTS.md): add customized file
* refactor: deduplicate configuration defaults and verify openqa.ini
* fix(ci): fix referencing commit-message-checker
* style: Add Test::Perl::Critic dependency
* docs: document "always_run" test flag
* feat(Makefile): add help text for missing targets
* fix: prevent intermittent failure in t/ui/13-admin.t
* fix: remove fixed container sizing in needlediff view
- Update to version 5.1774104919.9788babf:
* feat: add pre-commit hooks with gitlint
* ci: replace GHA commit-message-checker with os-autoinst-common one
* refactor: replace .gitlint with identical os-autoinst-common one
* git subrepo pull (merge) external/os-autoinst-common
* fix: needlediff view alignment (regression from dc1a3709e)
* fix: robust group property validation and reliable UI tests
* test: Consider the `CacheService` directory fully covered
* test: Mark whole function `_kill_db_accessing_processes` as uncoverable
* test: Track coverage of InfluxDB route of cache service
* refactor: Remove CORE:: prefix from function calls
* fix: avoid duplicating users on provider mismatch
* refactor(Utils): remove unnecessary CORE:: prefix again
* fix: use proper Mojo::Base attribute for developer_session_running
* refactor: convert all remaining lib/ modules to signatures
* fix: use Scalar::Util::set_prototype for compatibility with Perl 5.26.1
* refactor(LiveHandler): convert remaining modules to signatures
* refactor(Scheduler): convert remaining modules to signatures
* refactor(Schema): convert remaining modules to signatures
* refactor(Shared): convert remaining modules to signatures
* refactor(Task): convert remaining modules to signatures
* refactor(WebAPI): convert remaining modules to signatures
* refactor(WebSockets): convert remaining modules to signatures
* refactor(Worker): convert remaining modules to signatures
* refactor(Parser): convert remaining modules to signatures
* refactor(CacheService): convert remaining modules to signatures
* refactor(t::lib::OpenQA): convert remaining modules to signatures
* refactor: Simplify `_handle_command_resume_test_execution`
* chore(t::OpenQA::Test::Utils): remove obsolete "_get_worker" mock
* fix: Add missing Mojo::File import in Parser::Format::Base
* refactor: remove unused function OpenQA::Parser::Result::write_json
* feat(tests): reduce wait_for_ajax default timeout from 5min to 30s
* Revert "feat: modernize test result styling with data attributes"
* refactor: Use File::stat to avoid magic numbers
* refactor: Use Time::Seconds to avoid magic numbers
* chore: adapt openQA for jQuery 4.0.0
* feat: improve local gitlint by picking the most recent base branch
* ci: ensure local gitlint checks all commits in the branch
* ci(check-helm-chart): try harder to download from registry.opensuse.org
* fix: resolve instability in cache-service rsync test
* feat: use localhost instead of manual IP addresses in startup message
* feat: modernize test result styling with data attributes
* fix(audit): show all audit events in the web UI
* docs: Add missing line break to fix Deletion section
* build: integrate stylelint for automated CSS/SCSS styling
* feat: Allow reproducing test with pinned test code via clone-job
* feat(webui): make rendering batch size configurable
* fix: resolve sporadic failure in UI test tabs loading
* fix(investigation): select casedir/needledir correctly when no symlink
- Update to version 5.1773427330.0b172206:
* fix: Display GitHub bugrefs correctly when used within a label
* refactor: Improve style in `t/39-scheduled_products-table.t`
* feat: improve responsiveness of tabs in job details view
* ci(helm): override pullPolicy when install helm via ct
* test: Consider everything under `lib/OpenQA/Schema` covered
* test: Cover generating Gravatar URLs
* test: Cover handling failed job cancellation when scheduling iso
* feat: add zypper clean command in base container
* test: Cover computing Git log diff
* test: Cover adding logs to result file list
* refactor: Simplify and slightly improve `create_asset`
* refactor: Simplify error handling in function for appending job logs
* test: Cover setting and deleting job properties
* test: Cover error handling when duplicating jobs
* test: Mark error handling in `_hashref` as uncoverable
* test: Cover remaining lines of `JobModules.pm`
* refactor: Remove unused function `locked_by_jobs`
* test: Cover removing test suite defaults
* test: Cover rendering description of parent job group
* test: Consider everything under `lib/OpenQA/Script/` covered
* test: Cover `openqa_baseurl` used by clone script
* test: Cover handling unexpected return code in clone script
- Update to version 5.1773333964.ffc5eff5:
* test: Fix unstable test for stacking of parallel tests on overview page
- Update to version 5.1773291834.69acf4b4:
* chore(deps): Dependency cron 2026-03-12
* style: Use HTTP::Status status code constants
* Revert "feat: optimize size of devel:openQA:ci/base container"
* feat: adapt to os-autoinst switching to markdown
- Update to version 5.1773151075.654d76ed:
* refactor: Write `renderComments()` in a more compact way
* fix: Restore spacing between bug and other icons after 9346b7165
* ci(helm): replace internal retry with okurz/retry/
* refactor: Use signature in callback to clarify input parameters
* style: Add three perlcritic rules
* style: Make .perlcriticrc a real file instead of a symlink
* chore(deps): Adjust bot commit message to conventional commits
* test: Add test for rendering `label:linked` with bug reference
* feat: Improve handling non-bugref URLs in `mark_job_linked` after
7f6790
* test: Verify that only one label is added via `mark_job_linked`
* feat: Render labels with bug references as clickable links
* refactor: Improve coding style in `renderComments()`
* feat: Use bugref within label when creating 'Job mentioned in ???'
comment
* docs: document the priority throttling for scheduled jobs
* Dependency cron 2026-03-09
* feat: Streamline "relates to default checkout" condition
* feat: Enable `git_auto_update` if `CASEDIR` and `NEEDLES_DIR` are set
* feat: Support `CASEDIR` lookup introduced in ef229dc also in Git tasks
* fix: Handle error when determining Git server host correctly
* feat: add privacy policy
- Update to version 5.1773068319.a9347c1b:
* docs: Link to latest passed job to ensure the download tab exists
* feat: allow filtering by job result and state in /tests/latest
* style: Always pass a regex match to split
* style: Use map only in block form
* style: Use grep only in block form
* style(gitlint): allow unwrappable longer URLs in git commit message
body
* feat: unify priority management of max_job_time and throttling
* ci(helm): pull container images in advance
* ci(helm): make sure that install-chart runs after lint-chart
* feat: optimize size of devel:openQA:ci/base container
* feat: allow users to delete/anonymize their own account
- Update to version 5.1772722702.3877b2ca:
* style: Use builtin functions without parentheses consistently
* build: update minimatch to fix ReDoS vulnerabilities
- Update to version 5.1772705410.5c7fe0aa:
* style(t): fix formatting of long line in t/37-limit_assets.t
* test(Makefile): treat t/01-style consistently with tidy+compile tests
* ci: cover sporadic download errors with retries
* feat: support show_build=1 for overview badges
- Update to version 5.1772550094.48b5cce5:
* refactor: Improve code for testing OpenID auth
* test: Consider everything under `lib/OpenQA/WebAPI/` covered
* test: Cover all code for OpenID auth
* test: Cover retrying of OBS rsync tasks
* fix: Return correctly when OBS dirty status cannot be determined
* refactor: Remove unused local variable in OBS rsync code
* test: Cover parameter validation warnings code for API descriptions
* fix(config): Drop max_conns to allow proper queueing
* refactor: Improve code in `renderTestLists()`
* feat: Pass all parameters when making AJAX requests on "All tests" page
* feat: Allow use of `job_setting` parameter also on "All tests" page
* refactor: Simplify code for passing query parameters on "All tests"
* fix(dependencies): add missing "make" to devel sub-package
* test: remove stabilized tests from tools/unstable_tests.txt
* test(lib): remove unused "disconnect" function
* test(lib): mark uncovered line
- Update to version 5.1772475695.6c6c7eda:
* build(Makefile): add make target help text
* fix(npm): bump to non-vulerable versions (boo#1259005, boo#1258632)
- Update to version 5.1772460208.7a4e1e06:
* docs: Document array-like job settings and `job_setting` parameter
* test: Ensure test of filter params of jobs API fails if code breaks
* feat: Support searching by job settings in API to list jobs
* refactor: Improve `cancel_by_settings`
* fix: Allow filtering by more than one job setting in various routes
* test: Improve checks in `t/api/02-iso.t`
* feat: Allow searching by job settings via overview routes
* style: use consistent q{} syntax for SQL strings in Cache Model
* refactor: streamline IPC::Run usage and signal handling
* test: remove t/25-cache-service.t from unstable_tests.txt
* test: improve robustness of t/25-cache-service.t
* test: refactor InfluxDB subtest to reduce duplication
* test: improve infrastructure for t/25-cache-service.t
* fix: improve database robustness in Cache model
* fix: log rsync stderr in CacheService::Task::Sync
* test: support OPENQA_TEST_WAIT_INTERVAL in wait_for
* fix(cache): capture stderr and handle exit status robustly in Sync task
* test: make SIGCHLD handler selective in OpenQA::Test::Utils
* docs: document aggregate result badges for overview queries
- Update to version 5.1772092969.74a39650:
* test: Consider all of `lib/OpenQA/Task/` covered
* test: Cover handling developer session when saving needles
* test: Cover further error cases when saving needles
* fix: Fix error handling when saving needle JSON
* test: Workaround limitation of coverage tracking
* feat: Improve needle JSON validation
* test: Cover all cases of needle JSON validation
* fix: Avoid Perl warning when validating needle JSON
* refactor: Simplify code in `_delete_needles`
* test: Cover handling error when asset directory is not writable
* test: Cover skipping screenshot cleanup if still enqueued
* feat(openqa-upstreams.inc): set `max_conns` to max connection handled
* refactor: optimize and harden aggregate overview badges implementation
* refactor: improve aggregate overview badges implementation
* test: consolidate SVG badge unit tests
* feat: implement test result badges for aggregate overview queries
- Update to version 5.1772031289.93bc2a13:
* docs(image): describe the TW image with openQA available in o3
* fix(t/03-auth): avoid 'Too many open files' with mocks
* fix: avoid constant redefinition warnings in ScheduledProducts
* feat: add aggregate favicons for test overview
* build: improve cleanup of generated favicon assets
* feat: add Makefile targets to run services with temporary test database
* ci(helm): increase timeout on ct install
* feat: add gitlint for conventional commit checks
- Update to version 5.1771942065.808b073f:
* test(t/44-scripts): extend to cover Python scripts
* test(t/44-scripts): implement individual timeouts
* fix(script): add early argument validation where missing
* test: harmonize Test::More call format using '+' prefix
* Dependency cron 2026-02-24
* test: refine style check and fix ambiguous test calls
* Replace Ingress with Kubernetes Gateway API for external access
* refactor: ensure consistent test call parentheses format
* chore: add dependency for python3-gitlint commit checks
* tweak: Improve logging of Git output
* tweak: Avoid warnings about invalid revision ranges
* tweak: Use normal warning log messages when encountering Git problems
* fix: Avoid Perl warnings if URL passed to `git_commit_url` is invalid
* docs: Add section about security
* Fix tools/test_helm_chart after Helm chart reorganization
* Update Helm chart documentation
* Move worker subchart under openqa/ and fix connectivity
* Add single openqa parent chart with ingress and nginx
* Remove old helm chart structure
- Update to version 5.1771846996.b67911c1:
* fix: update ajv to fix moderate severity ReDoS vulnerability
* fix: update minimatch override to fix high severity ReDoS vulnerability
* openqa-load-templates: Slightly simplify
- Update to version 5.1771626210.b82f14f2:
* refactor(test/overview): use signatures and clean up code
* refactor(test/overview): reduce duplication
- Update to version 5.1771589939.8f8502b4:
* feat: Improve default `PRODUCTDIR` after ef229dc2
* refactor(ui): simplify removal of empty query parameters (after rebase)
* test(45-make-update-deps): allow bypassing dependency update check
* fix(test): improve UI test robustness by using state-based waiting
* test: Improve workaround for candidates menu not opening sometimes
* docs: Mention use of relative paths in `CASEDIR` to avoid symlinking
* fix: Fix wrong uses of "checkout" that should be "check out"
* feat: support filtering by meta-results+states in /tests/overview
* Revert "feat: Add symlink for aeon in openqa-bootstrap script"
* fix(43-scheduling-and-worker-scalability): prevent sporadic issues
* refactor: use join for properties in determine_free_workers
* fix: do not cache websocket_api_version if not set
- Update to version 5.1771473096.98530511:
* feat(ui): remove empty query parameters from /tests/overview URL
* fix(mcp): set navbar check expression to read-only
* feat: support inverted result filters in /tests/overview
* feat: Allow specifying `CASEDIR` to avoid symlinking
* fix(test): Enable helm install-chart test again
* git subrepo pull (merge) --force external/os-autoinst-common
* feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE
configurable
* test: Consider everything under `lib/OpenQA/Shared/` covered
* fix: Provide specific error message if job was removed
`enqueue_???_track`
* refactor: Remove useless error message in `enqueue_and_keep_track`
* test: Cover case of successful executing in `enqueue_and_keep_track`
* refactor: Simplify error handling of `enqueue_and_keep_track`
* test: Cover error handling of `enqueue_and_keep_track`
* test: Consider shared session controller fully covered
* refactor: Avoid duplications in sessions controller
* refactor: Use signatures in session controller code
* test: Cover error handling in case of a bad CRSF token
* test: Cover test route for session
* fix(worker): reject jobs explicitly when worker is stopping
* feat: Remove workaround for codecov and gpg
* feat: Switch to Leap 16 in Helm charts
* feat: Switch to Leap 16.0 in openqa_data container
* feat: Replace all Leap 15.6 with 16.0 in docs and scripts
* test: Cover showing special image when backend has terminated
* fix: Use new apachectl command
* Update openQA containers to Leap 16.0
* test: Extend tests for controller handling live view
* refactor: Move throttling into its own function
* feat(throttling): throttle jobs resources based on parameters size
* refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests
* feat: Allow archiving jobs with infinite important storage durations
* feat: Flag jobs without results as archived for consistency
* feat: Remove one corner case preventing jobs from being archived
- Update to version 5.1770718745.ce2072d3:
* feat(ui): use clickable test overview summary counts for quick
filtering
* build(Makefile): fix uninterruptable tests
* docs: Mention caveats of `???_cleanup_max_free_percentage` setting
* test(25-cache-service): fix race conditions
* test(ui/21-admin-needles): properly wait for modal dialog and deletion
* test(ui/13-admin): properly wait for API key deletion
* test(40-openqa-clone-job): properly isolate from system config
* test(15-asset): bump timeout to current runtime
* chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch
* build(deps-dev): bump @eslint from 9.36.0 to 9.38.0
* fix(eslint): correct style to be eslint-9.38 compliant
* build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2
* build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1
* build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7
* refactor: Improve variable names in function to determine expired jobs
* test: Improve name of subtest for archiving
* test: Verify that archiving works regardless of logs/results present
* Dependency cron 2026-02-06
* Bump js-yaml from 4.1.0 to 4.1.1
* build(deps): bump ace-builds from 1.43.3 to 1.43.4
- Update to version 5.1770308102.12dfd0e4:
* fix: Configure sudoers correctly in Leap 16
* Also use devel:openQA/16.0 in dependency bot workflow
* Remove dependencies not available in 16
* Remove all explicit versions from ci-packages.txt
* Explicitly use new cache key for fullstack_cache
* Use devel:openQA 16.0 repositories
* fix: Create user directory without sudo
* refactor(ui): use native DOM APIs for bulk action logic
* Update devel:openQA:ci/base container to Leap 16
* test: Consider all controller code covered
* refactor: Remove unused "group connect" endpoints
* test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint
* test: Cover all cases of search of audit log table
* refactor: Simplify function to render audit log index page
* test: Add test for `eventid` parameter of audit log page
* test: Cover remaining lines of `Asset.pm`
* Mark some one line catch statements uncoverable
* Move t/07-api_jobtokens.t to t/api/
* refactor: Avoid mapping of actions in df-based cleanup
* refactor: Use loop to invoke `_delete_jobs` repeatedly
* refactor: Simplify code for df-based cleanup further
* refactor: Extract repeated lookup and loop into separate function
* Dependency cron 2026-02-03
* feat(ui): add bulk action checkboxes to test overview filters
* feat(openqa-clone-custom-git-refspec): add "BADGE" mode
* fix(openqa-clone-custom-git-refspec): fix "MARKDOWN" mode
* feat(UI): add delete button for job groups and parent groups
* refactor(javascripts): harden by using const in admin_groups.js
* feat(api): prevent deletion of non-empty parent job groups
* docs: Fix typo in MCP documentation
* docs: Improve note about enabling modern Perl features
* test: Remove unused parameters in `OpenQA::Test::Case::login`
* navbar: add new item in menu to link MCP documentation
* Refactor t/lib/OpenQA/Test/Case.pm with signatures
* test: Consider all API controller code covered
* test: Cover remaining error cases of worker API
* fix: Improve error handling when updating records in admin tables
* test: Ensure consistent coverage of job cancellation function
* Prepare documentation generation for Leap 16.0
* test: Cover remaining lines of `Search.pm`
* test: Cover remaining lines of `Locks.pm`
* refactor: Simplify `JobTemplate::destroy`
* refactor: Remove unused code from `JobTemplate.pm`
* git subrepo pull (merge) external/os-autoinst-common
- Update to version 5.1769644379.ef069e9d:
* style: Add quotes in openqa-bootstrap
* feat: default API key expiration to 1 year, aligning with UI
* feat: wrap array in an object in api_key API responses
* feat: add API endpoint for deleting API keys
* feat: add API endpoint for listing API keys
* feat: add API endpoint for creating API keys
* fix(openqa-bootstrap): prevent shellcheck warning SC2086
* Add dependency on 'file'
* refactor: Write code in `JobGroup.pm` in a more compact way
* test: Consider `Job.pm` fully covered
* test: Add tests for error handling of artefact upload
* refactor: Format artefact upload test in a more compact way
* test: Add tests for using assigned worker on job status updates
* test: Add tests for re-scheduling invalid scheduled product
* test: Add tests for querying non-existent scheduled product
* refactor: Use more compact coding style in `show_scheduled_product`
* refactor: Improve `Mm.pm`
* test: Improve tests of multi-machine API
* Remove unused module Config::Tiny from dependencies
* Handle links on test_log on missing git repo extension
* test: Consider `Test.pm` fully covered
* test: Extend tests for showing dependency graph
* fix: Merge parallel clusters correctly for displaying dependency tree
- Update to version 5.1769550212.662a4f95:
* refactor(investigation): Use TEST_GIT_URL and NEEDLES_GIT_URL
* refactor(investigation): Rename gitrepodir function
* Restart: handle subclassed AMQP plugin
* Revert "Update CircleCI image to Leap 16.0"
* fix: Fix invalid HTML in test creation form
* feat: Make test creation discoverable to all users
* refactor: Simplify/extend flash message templates
* feat: Avoid confusing/wrong "Administrator level required" error
* Update CircleCI image to Leap 16.0
* feat: Support `async=1` flag via `openqa-cli schedule --monitor`
* fix: Avoid serializing `null` click point after e19aee4 and da7cce6b
* test: Fix failing style checks due to test file with invalid YAML
* test: Cover redirection to Git platform via CASEDIR and TEST_GIT_HASH
* fix: Fix error handling when redirecting to Git platform
* test: Distinguish different cases for showing settings files
* test: Cover case of invalid scenario definitions when creating test
* test: Consider `Step.pm` fully covered
* test: Cover case of showing unsupported results
* fix: Improve condition for checking valid step result
* test: Cover case of showing candidate needle with no tags
* refactor: Simplify `calc_matches`
* refactor: Write uncoverable error handler in one line
* refactor: Simplify `_new_screenshot`
* refactor: Rewrite code for screenshot name in a more compact way
* test: Cover options to take images/areas from existing needles
* Use body parameters in POST request
* feat: Add symlink for aeon in openqa-bootstrap script
* chore(deps): bump lodash from 4.17.21 to 4.17.23
* test: Add test for displaying audio results
* test: Cover remaining lines of `File.pm`
* feat: Improve log message about invalid config in df-based cleanup
* feat: Add dry run to df-based cleanup of job results
* Fix grammatic mistakes on the snapshots documentation
* Describe how snapshots work internally
* doc: Improve wording in documentation about space-aware cleanup
* doc: Clarify settings for space-aware cleanup
* doc: Use "file system" consistently in comments in config files
* doc: Wrap comments in `openqa.ini` at 80 characters
* doc: Use "file system" consistently in users documentation
* doc: Mention also `???_cleanup_max_free_percentage`
* doc: Move documentation about space-aware cleanup into its own section
* doc: Use "filesystem" instead of "partition" in config comments
* fix: Account deletion of screenshots of archived jobs correctly
* doc: Mention variables for df-based job result cleanup
* feat: Consider archive as well in df-based cleanup of job results
- Update to version 5.1769068942.639067ee:
* Dependency cron 2026-01-22
* feat: Show limits on "Next & Previous" tab within table
- Update to version 5.1768996386.e3f58202:
* fix: Avoid Perl warning if product spec contains undef values
* GenericBug: Add [QE] to the subject
* doc: Mention version lookup of mediums and special value `*`
* doc: Wrap section about medium types consistently at 80 characters
* doc: Remove surplus white-space
* chore: Improve indentation/wrapping of comment
* feat: Improve error message when product contains no templates
* tests: Improve/add tests for "no products found" case
* KernelBug: Extend the kernel bug template
* feat: Improve error message when falling back to version `*`
- Update to version 5.1768856318.847e4fc7:
* fix(systemd): prevent openqa-gru starting while mounts are unavailable
* fix(systemd): try restarts on failure to be more resilient
* feat: Show when "Next & Previous" jobs are limited
* refactor: Format SQL code for "Next & Previous" jobs more nicely
* refactor: Simplify determining latest job in "Next & Previous" list
- Update to version 5.1768564451.45d5d5b2:
* OpenSuseIssueReporter: Avoid multiple push calls
* unit_tests: Add unit tests for OpenSuseBugzillaUtils
* unit_tests: Adapt the UI tests to the new kernel bug button
* plugins: Introduce OpenSuseIssueReporter for external issue reporting
- Update to version 5.1768402729.462b3957:
* feat: optionally configure fake auth key+secret+expiration
- Update to version 5.1768323619.9a70ab91:
* refactor: Extend tests of df-based cleanup
* fix: Avoid wrong deletion of archived jobs in df-based cleanup
* refactor: Move logic for validating percentage into helper
* refactor: Clarify wording in comment regarding job cleanup
* Use template literals in certain JavaScript code
* Retry delete_needles job on server restart
* Add test for _delete_needles
* feat(OpenQA::Git): Cleanup git dir in commit() on shutdown
* feat: Improve rendering results on the scheduled product page
- Update to version 5.1768209690.f34c2973:
* feat(scheduled-products): Allow adding note to result data
* docs: Use node_modules target
* docs: Mention minimum PostgreSQL version
* ci: Update PostgreSQL in CI/packaging to at least 14
* Revert "Add MCP tool annotations for Claude connector compliance"
- Update to version 5.1767868268.dacbd3f7:
* Add MCP tool annotations for Claude connector compliance
- Update to version 5.1767864265.63cd20df:
* Skip caching for KERNEL and INITRD variables
- Update to version 5.1766150951.2799046e:
* Coverage of openQA: add folder Client/ in codecov.yaml
* Improve openQA coverage of _download_handler in Archive.pm
- Update to version 5.1766053374.57cdeee3:
* fix(docs): Fix indentation in job template examples
* feat(Needle::Save): Adapt to new error handling
* feat(OpenQA::Git): Make error handling more flexible with exceptions
- Update to version 5.1765887110.8fc02990:
* Avoid partial deletion of a screenshot if Minion job is aborted
* Add `SignalBlocker` to delay signal handling during critical sections
- Update to version 5.1765805960.2112d43d:
* fix(codecov): Fix wrong casing for 'fully_covered' entries
- Update to version 5.1765535865.b566a24c:
* fix(codecov): Be strict about coverage thresholds
* Show jobs that have been cloned when `t` parameter is used on overview
- Update to version 5.1765469360.5c0525b5:
* worker: Add coverage for OVS DBus checks
* Fix overview when filtering by test and module result at the same time
* Return signal as part of run_cmd result
* Add scanner for untracked screenshots
* KTAP: Properly hide details of a skipped subtest
* docs: Restory logic of the sentence about NFT vs firewalld
* docs: Clarify DHCP/RA availability on MM networks
* feat: Allow to configure key+secret with env variables
- Update to version 5.1765286149.3debb8ea:
* KTAP: Don't increment parsed_lines_count in "SKIP" lines
* KTAP: Define unparsed_lines and parsed_lines_count
- Update to version 5.1765217707.d6e697fd:
* Test commenting on overview page together with TODO filter
* Fix job IDs that are considered for mass-commenting on overview page
- Update to version 5.1765009312.be30f6e0:
* README: Remove left-over empty badge reference
- Update to version 5.1764349525.ffb59486:
* Also use TIMEOUT_SCALE for priority malus calculation
* docs: Fix wrapping and typo
* Document multi machine ovs flow setup and IPv6 usage
* Avoid computing time constraint for scheduled product cleanup in Perl
* rpm: Move `???-enqueue-needle-ref-cleanup` to other `???-enqueue-???`
scripts
* Add task to limit scheduled products similar to audit events
* Extract generic parts from audit event cleanup task into generic task
* parser: ktap: Show full output by default if no line was parsed
* Ignore npm scripts also via `.npmrc` to make bare npm calls more secure
* Avoid repeating `MAIN_SETTINGS` in various places
* Fix possibly excessive memory use when computer test result overview
* Fix typo in `_prepare_complex_query_search_args`
* Fix indentation in `overview.html.ep`
* Prevent logging AMQP credentials in debug output
* Make restart_openqa_job emit proper event payload
* Enable gru tasks to emit AMQP messages
* Remove explicit loading AMQP plugin in Gru plugin
* Emit restart events when job restarted automatically
* Add debug message about priority malus
* Fix ordering of job groups after 2ad929ceca43d
- Update to version 5.1763743683.1da97aa2:
* Optimize Job Group dropdown database query
* Split dependency handling out of create_from_settings
* Give jobs with high MAX_JOB_TIME a priority malus
* Make the number of builds per group on the front page configurable
* docs: Feature auto-generated deepwiki less prominently
* apparmor: Additional perms for tests in osado to run
- Update to version 5.1763153079.b36ac754:
* Skip a build if there are no jobs
* Remove unused variable
- Update to version 5.1762879267.52145e9a:
* Avoid installing unwanted package versions
* Fix check in git_clone for dirty git dir
* Prevent `t/24-worker-webui-connection.t` from running into timeout
* Be explicit about certain aspects of archiving in the documentation
* Fix sporadic failures in `t/ui/10-tests_overview.t`
* Adapt os-autoinst-scripts reference after rename
* Properly conclude scheduling if there are no jobs
- Update to version 5.1762193001.2f6e71ca:
* Potentially improve stability of `t/ui/16-tests_job_next_previous.t`
* Avoid failing check in `t/16-utils-runcmd.t`
* README: Add deepwiki badge
* Dependency cron 2025-10-27
* Retry image optimizations
- Update to version 5.1761296552.ae7c17aa:
* Add tests for file_security_policy
* Pass parameter $is_userfile to log_url
* Remove redirect and serve files as attachments if necessary
* Serve files uploaded by tests via asset domain
* Use direct link to subdomain for the test assets
* Revert "Don't redirect to asset domain via /needles/ID/(image|json)
route"
* Revert "Don't redirect screenshots, thumbs and needles to files_domain"
- Update to version 5.1761228068.a3a7f84d:
* Dependency cron 2025-10-23
- Update to version 5.1761037330.ad78558e:
* Avoid needless check for number of clones
* Avoid creation of `git_clone` tasks for jobs with empty `DISTRI`
- Update to version 5.1760515610.a802d1dd:
* Lower the prio of archiving jobs to avoid piling up finalize jobs
* Add signatures in Schema::Result::ApiKeys
- Update to version 5.1760245411.e3aeaaec:
* Dependency cron 2025-10-12
- Update to version 5.1760108577.fd2f2a48:
* Log unavailability due to high load only as warning
* Filter job stats of scheduled products also by arch and build
* Document how to disable image optimizations
* Make image optimization errors stop the job producing an incomplete job
* Improve wording in description about job stats API
* Run `optipng` for real and handle errors if it fails
- Update to version 5.1759912962.689b31ed:
* Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service`
- Update to version 5.1759834744.06a7028a:
* parser: ktap: Return earlier if subtest result is SKIP
* parser: ktap: Fallback to subtest index if name is not available
- Update to version 5.1759440640.bb989cab:
* Don't redirect to asset domain via /needles/ID/(image|json) route
- Update to version 5.1759402042.49e912c3:
* Introduce array job settings
* Retry `obs_rsync_update_*` tasks if Gru service terminates
- Update to version 5.1759329378.3b8e8685:
* Reduce the number of required checks for Mergify again
* Ensure a failing cache service is seen as such by the worker/scheduler
- Update to version 5.1759248257.70b23b32:
* Increase number of successful checks in Mergify config again
* Disable Helm Chart CI checks temporarily
* Consider all jobs for cleanup, not just jobs that were executed
* Verify job deletion when dependent job present
- Update to version 5.1759149505.49c40b0b:
* Use always the latest PostgreSQL image in Compose and documentation
* Update the PostgreSQL version in the contributing documentation
* Update PostgreSQL data path in Docker Compose file after updating to
v18
* Specify PostgreSQL version in Docker Compose configuration explicitly
* mergify: Allow more time for dependabot update reaction
* Remove version property from docker-compose
* README: Fix openQA badge after switch to UEFI
* build(deps-dev): bump eslint from 9.35.0 to 9.36.0
- Update to version 5.1758910696.7549bb98:
* Replace argument assignment with signatures on ObsRsync/Task
* Enable automatic dependabot updates again after improvements
* docs: Add instructions for a continuous dashboard setup
* Replace argument assignment with signatures Folders package
* Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders
* script: Also use OPENQA_WEBUI_MODE for related services
- Update to version 5.1758814503.03d923a4:
* Use Mojo::File in Worker for is_qemu_running
* Use Mojo::File in Worker for meminfo
* Document archiving of important jobs
- Update to version 5.1758729450.b88c0b40:
* Reject jobs if worker is broken when receiving a new job
- Update to version 5.1758711845.e5c02221:
* script: Allow to configure openQA mode
* t: run at least once Memorylimit register with max_rss_limit > 0
* Replace argument assignation with signatures on MemoryLimit
- Update to version 5.1758632540.ed64f555:
* Check for consistent zypper setting for auto/continuous-update
* Ignore scripts when installing NPM packages in RPM builds
* Avoid installing NPM dev deps unnecessarily in RPM builds
* Avoid installing NPM dev deps unnecessarily in `Makefile`
- Update to version 5.1758551670.e3aa50f9:
* Don't redirect screenshots, thumbs and needles to files_domain
* Cleanup .gitignore files
* Update Dockerfile to setup proxy via script/configure-web-proxy
* Redirect test assets to file_domain if configured
* Make sure assets are generated before listing them
- Update to version 5.1758307053.75367131:
* docs: Fix shell syntax in development setup
* Replace argument assignment with signatures on ObsRsync
- Update to version 5.1758276230.9cef0ea3:
* Treat SVG files as attachment for security reasons
* Fix LegacyKeyValueFormat on openqa_data/Dockerfile
- Update to version 5.1758194931.aa2c9a8b:
* bootstrap-container: Workaround SELinux issue by split of zypper calls
* Prevent abort while doing database interaction in Delete needles
- Update to version 5.1758036156.d3e99d09:
* Temporarily require manual review of Dependabot PRs
* Prevent warning from `DBIx::Class::Storage::TxnScopeGuard`
* Avoid sporadic test failures in `t/ui/15-comments.t`
* Worker: Detect IPMI config and shutdown SUT when unused
- Update to version 5.1757954579.4d0727fe:
* Use of finish method in place of close_connection
* Clean up streamtext signature from unused params
* Fix invocation of `validateJobGroupForm()` when expanding group editor
* Improve showing advanced fields in case there are warnings
* Avoid race condition when creating job asset
* Ensure the `created_by` flag of job assets is set during registration
* Add unit test for 486c6e05ca
* build(deps-dev): bump debug from 4.4.1 to 4.4.3
* Update automatically updated group properties in UI
* Automatically increase important durations to match regular durations
- Update to version 5.1757798615.f8615cd6:
* t: Fix comparison by interpolating variable
- Update to version 5.1757696527.61d51d58:
* Avoid partitioning in raid0 device
* Avoid "Server returned ???" error if there is an actual error message
* Highlight invalid/problematic group config fields in UI when applying
* Improve validation of cleanup configuration
* AMQP: include list of failed modules in job.done messages
- Update to version 5.1757597587.61c22a78:
* Add usage examples of netrc to the access tokens
- Update to version 5.1757512851.666d7dc7:
* build(deps): bump datatables.net-bs5 from 2.3.3 to 2.3.4
* Fix regression handling retention of important jobs
* Use newly introduced `_all_parents` function in `_sort_dep` as well
* Include parallel children when scheduling with `_INCLUDE_CHILDREN=1`
* build(deps-dev): bump eslint from 9.34.0 to 9.35.0
* Fix typos in PosgreSQL related documentation
* Use autoyast ERB helper to detect disk dynamically
* Use find_or_create when registering assets
* Stop logging confusing exception when GruTask is gone
* parser: ktap: Don't add skipped subtests to output
* t: Use proper test description strings in 03-auth.t
* t: Condense variable assignment with ok-check
- Update to version 5.1757135418.ec726f9c:
* Dependency cron 2025-09-06
- Update to version 5.1757084700.fad3731d:
* Ensure no untracked files in unit test run part 2
* Dependency cron 2025-09-05
* Add MCP support as an optional feature
* Allow specifying a full domain via `file_security_policy`
* Allow using a different subdomain via `file_security_policy`
* t: Ensure no leftover files in git directory
* ci: Ensure clean git status with Test::CheckGitStatus
- Update to version 5.1757005118.aac56dbc:
* CI: Fix SLE_15_SP6_Backports repo lookup order
* Add perl(MCP) dependency in preparation for AI support
* build(deps-dev): bump @humanfs/node from 0.16.6 to 0.16.7
* Revert "MCP: Add MCP support as an optional feature"
* Fix typo on Contributing documentation
* Add MCP support as an optional feature
* Reword `can't write` to `Cannot write` as suggested by review comment
* Ensure destination dir for asset downloads exists when cloning jobs
* build(deps): bump ace-builds from 1.43.2 to 1.43.3
- Update to version 5.1756962167.74f0204f:
* Dependency cron 2025-09-04
- Update to version 5.1756905114.bb4fa746:
* Fix syntax error in nginx config
* Mark unconfigured api route log as uncoverable statement
* Increase test coverage for lib/OpenQA/WebAPI/Description.pm
* parser: ktap: Don't write diagnostic data into $subtest_name
* Extend tests for configuring subdomain to serve files
* Avoid job terminated unexpectedly with signal handler in delete needles
* Allow configuring subdomain for serving logs/assets more securely
* Do not invoke Mojo::IOLoop->remove twice
* Add support for Bearer token authentication
* Worker::Engines::isotovideo: Simplify using more Mojo::File
* Worker::Engines::isotovideo: Remove obsolete comment
- Update to version 5.1756479924.9488e2cc:
* docs: Fix typo in path to script folder
- Update to version 5.1756374919.f1ac1b58:
* build(deps): bump bootstrap from 5.3.7 to 5.3.8
* build(deps-dev): bump eslint from 9.33.0 to 9.34.0
* parser: ktap: Sanitize spaces from group name
* Cleanup unused parameter in streamtext
* build(deps): bump datatables.net-bs5 from 2.3.2 to 2.3.3
* Document semantics of low limits for important data
* Log disconnection of the livehandler due to file changes
* Disallow browsing HTML assets/results/logs by default
* Extend coverage on streamtext function of Running.pm
* Fix Too few arguments for subroutine error on close_connection
* Handle 'expand_placeholders' return value consistently
- Update to version 5.1755616303.131c0f0a:
* Add space in concatenation of args and string for the fall back note
- Update to version 5.1755609067.e3c951fe:
* Stash gru_dependencies to avoid helper usage in view
* Move infopanel gru task link creation to the controller
* Create test for GRU task in test details
* Link minion job from openQA job with waiting task
- Update to version 5.1755504216.b51ff4b1:
* Use signatures in worker reactor error handler
* Use signatures in worker job code and related mocking
- Update to version 5.1755366162.ba8741a1:
* Use backticks in docs for querying job settings
- Update to version 5.1755247660.ecd6aa3e:
* Fix return code of worker in error case
* Prevent worker from getting stuck on fatal error during upload
* Describe job_settings/jobs in UsersGuide
* Describe job_settings/jobs in UsersGuide
* Add perlpod for job_settings/jobs
* Fix generation of PDF documentation
* Remove outdated comment in worker error handling
* tests: Extend ktap parser tests to cover TODO directive
* parser: ktap: Polish the ktap parser
* parser: ktap: Add handling of the TODO directive
* parser: ktap: Refactor to use internal state
- Update to version 5.1755087548.49d62b92:
* Add instructions for running a openQA/tools dev environment
- Update to version 5.1754970590.1f9110da:
* build(deps-dev): bump eslint from 9.32.0 to 9.33.0
- Update to version 5.1754903895.e603536f:
* build(deps-dev): bump @eslint/plugin-kit from 0.3.4 to 0.3.5
* build(deps-dev): bump @eslint/core from 0.15.1 to 0.15.2
* build(deps-dev): bump @eslint/config-helpers from 0.3.0 to 0.3.1
- Update to version 5.1754716201.09d147dc:
* Dependency cron 2025-08-09
- Update to version 5.1754665747.0074044f:
* Revert "Rewrote client script from perl to bash to fix heavy tests"
* Revert "Remove test related to deprecated client script"
- Update to version 5.1754567283.cc45a4c0:
* Rewrote client script from perl to bash to fix heavy tests
* Remove script declaration on profiles
* build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4
* Remove test related to deprecated client script
* Obsolete script/client after 4 year deprecation period
- Update to version 5.1754477962.22b1fea4:
* Extend docs on lua test modules
- Update to version 5.1754383059.0426baa1:
* Dependency cron 2025-08-05
* Fix LegacyKeyValueFormat in Dockerfiles
- Update to version 5.1754297241.bf37533a:
* Stop flagging obs_rsync errors as failures
* Mention use of CRITICAL_LOAD_AVG_THRESHOLD
- Update to version 5.1753967288.48036af4:
* Double default storage duration for jobs in database
- Update to version 5.1753868091.5fba34bf:
* docs: Remove deprecated references to openqa-client
* Fix weird validation errors of date time on API keys page
* build(deps-dev): bump eslint from 9.31.0 to 9.32.0
* Simplify `_set_default_storage_durations`
* Rename template for "Show advanced cleanup ???" button
* Use loop to setup validation of cleanup properties
* Validate cleanup fields for important jobs as well
* Ensure advanced cleanup settings are shown if error relates to them
* Improve showing error in group property editor
* Fix id/label/default in group property editor after recent changes
* Move link to documentation next to "Show advanced ???" button
* Improve help popover for retention durations
* Collapse settings for keeping jobs in database longer by default
* Reorder group property editor so important fields come first
* Move lengthy description of cleanup settings to the users guide
* Update and improve documentation about cleanup
* Explain what "important" means in help popover of group properties
* Ensure default config of limits/durations make sense
* Make use of configured job storage duration when limiting jobs
* Extend UI for configuring job storage duration
* Extend job group API for configuring job storage duration
* Add settings for configuring job storage duration
* Add database columns for configuring job storage duration
* Show note about sorting on group overview pages
* Improve documentation section about Python API
* Mention Lua based tests in documentation
- Update to version 5.1753703782.e7ffc367:
* docs: Clarify that openQA is not only Perl
* Use and recommend --ignore-scripts with npm install
- Update to version 5.1753506485.d911de9f:
* Dependency cron 2025-07-26
* Require openssh-clients for git clone with ssh
* Allow empty values in openqa-cli parameters
- Update to version 5.1753359903.308980e8:
* Retrieve oldest/newest build results job in the loop
- Update to version 5.1753279335.b2b4eddc:
* Clarify role of set_var in variable precedence
* Use signatures in code for handling special group columns
* Sort keys in test of job group API
* Avoid duplicated code in job group API code
* Dependency cron 2025-07-23
* build(deps-dev): bump @eslint/plugin-kit from 0.3.3 to 0.3.4
* Allow querying the state of scheduled products by distri/version/flavor
* unit_tests: Add unit tests for KTAP parser
* parser: Add KTAP parser for handling kernel selftests
* Deduplicate openqa-cli options and help
- Update to version 5.1753110584.5810ee79:
* build(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3
* build(deps-dev): bump synckit from 0.11.8 to 0.11.11
* build(deps-dev): bump @pkgr/core from 0.2.7 to 0.2.9
* build(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8
* Replace bareword filehandles with lexical filehandles
* Add spaces around signatures
* Do not quote hash keys unless necessary
* Use single quotes where no interpolation is happening
* Fix PostgreSQL startup failure in non-systemd environments
* Support short test urls in openqa-clone-custom-git-refspec
* Escape comments in regexes
- Update to version 5.1753006709.37380d09:
* tidy: Enforce blank lines before subs
- Update to version 5.1752690982.12f3e8e6:
* Add link to Helm in README
- Update to version 5.1752668195.a61b311b:
* Make hint about cloning example repo more prominent
* build(deps): bump ace-builds from 1.43.1 to 1.43.2
- Update to version 5.1752509403.fe96ee50:
* build(deps-dev): bump eslint from 9.30.1 to 9.31.0
- Update to version 5.1752296678.00670b57:
* Dependency cron 2025-07-12
- Update to version 5.1752221648.28a02145:
* Fix build overview timestamps
- Update to version 5.1752164310.2f1c94d6:
* openQA-bootstrap: Replace hardcoded openqa directory path with variable
* Avoid trying to insert job modules without all required fields
* Removed unused and erroneous function `update_backend`
* Validate fields of update status before using them
* Schema::Result::Jobs: Catch undefined parent jobs
* Skip upload of test modules and extra tests with no name
* worker: disconnect dbus from NameOwnerChanged signal (POO #183833)
* Fix race cond when date ref job got deleted while serving build list
* Prevent error when workers config not found, throw warning instead
- Update to version 5.1751964812.235a2034:
* Revert "Update CircleCI image to Leap 16.0"
* Update CircleCI image to Leap 16.0
- Update to version 5.1751898525.cfb73284:
* Avoid `Transaction already destroyed` being logged as error
* Get BUILD time from oldest job if not sorting by newest job per build
* Implement build version sorting by oldest job in build
* Add frontend config option to sort by oldest job per build in jobgroup
* Allow schemeless ip address as job url
* Refactor and add tests for openqa-clone-job
* Convert build version sorting type from bool to int
- Update to version 5.1751834777.ce019b36:
* dist: Simplify dependency for /etc/os-release (boo#1244139)
- Update to version 5.1751707651.71eebf76:
* dbicdh: Cleanup pre-2020 files
* Avoid showing AJAX error on index page when user is navigating
elsewhere
* Dependency cron 2025-07-03
* Avoid showing confusing data in the needles table
- Update to version 5.1751472215.9a30d4e5:
* Discard needles under symlinked locations from needles table
* build(deps): bump ace-builds from 1.43.0 to 1.43.1
* build(deps-dev): bump eslint from 9.30.0 to 9.30.1
* Fix pagination in server-side tables
* openqa-bootstrap: Prevent error about unknown hosts (boo#1245378)
* Bump eslint from 9.29.0 to 9.30.0
* Avoid creating stale needle entries in needle editor when symlinks used
- Update to version 5.1751367844.1d8f9140:
* create_admin: improve search for admin users
* create_admin: fix for POO #179359 changes
* openqa-bootstrap: Allow curl to follow redirects (boo#1245379)
* Fix debugging SQL queries via `OPENQA_SQL_DEBUG`
* Apply dependency changes after adding python3-argparse-manpage
* Use argparse-manpage to create openqa-label-all.1
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* apparmor: +/usr/bin/env
* apparmor: additional worker perms
* apparmor: allow access to Arm UEFI (AAVMF) files
* apparmor: enable use of git-lfs for worker
* Bump @eslint/plugin-kit from 0.3.2 to 0.3.3
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths
- Update to version 5.1751274619.acdc8609:
* Apply dependency changes after adding python3-argparse-manpage
* Use argparse-manpage to create openqa-label-all.1
* Makefile: generate manpages
* Add manpage (as POD) to openqa-validate-yaml
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* Add Documentation to some systemd units
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths
- Update to version 5.1751037189.b3da736b:
* Bump prettier from 3.6.0 to 3.6.2
* configure-web-proxy: deal with debian-style sites-available
* apparmor: +/usr/bin/env
* apparmor: additional worker perms
* apparmor: allow access to Arm UEFI (AAVMF) files
* Bump @eslint/plugin-kit from 0.3.2 to 0.3.3
* Add --odn option to specify openqa.debian.net
* Command.pm: add missing quotes to o3 & osd options
* configure-web-proxy: Use variables for /etc paths
- Update to version 5.1750754160.1caccdc7:
* Bump prettier from 3.5.3 to 3.6.0
* Bump ace-builds from 1.42.0 to 1.43.0
* Log less verbose error message for missing files
* Allow dots in test names
* Refactor existing Helm Charts and README
- Update to version 5.1750408965.72531a72:
* Extend single-instance container documentation
* Bump bootstrap from 5.3.6 to 5.3.7
* apparmor: Allow read access to device-tree files
- Update to version 5.1750237596.0e254038:
* Bump eslint-plugin-prettier from 5.4.1 to 5.5.0
* Avoid adding non-fatal API errors as incomplete reason in general
* Avoid misleading errors about the websocket connection
- Update to version 5.1750081859.24dae152:
* Bump eslint from 9.28.0 to 9.29.0
* Document where docs/images/openqa-in-5-minutes.webm comes from
* Fix string definition to be more consistent
- initial package Changes in os-autoinst:
- Update to version 5.1782809557.0ae98f8:
* docs: document testing custom os-autoinst forks within openQA
* feat: Also output module information for wait_serial result steps
* feat: Add module name and step number to autoinst-log
* feat: Log the CASEDIR git url/hash for easy frontend access
* fix: exclude virt-firmware on older Leap ppc64
* fix: stop deepening when repo is no longer shallow
- Update to version 5.1782140090.fe34efb:
* fix: exclude virt-firmware on older Leap ppc64
* style: enforce signatures in anonymous subroutines
* fix: stop deepening when repo is no longer shallow
* ci: disable Mergify interactive queue controls in PR comments
* style(perlcritic): Add Modules::ProhibitConditionalUseStatements
* refactor: improve t/01-test_needle.t structure and style
- Update to version 5.1781797043.0fb1077:
* test: assert Level 3 pretty serial markers
* fix: fallback pretty marker console to 'sut'
* test: fix color test resilience to NO_COLOR
* fix: stop QMP wait hangs on early QEMU exits
* fix: stop autodie unlink crashes in qemu backend
* fix: cleanly recreate virtio console pipe if already exists
* fix: suppress spurious virtio console unlink warnings
* test: reliably assert pipe size adjustments
- Update to version 5.1781702821.22ced0d:
* ci: Avoid unresolvable os-autoinst-openvswitch-test package for SLE-SP7
* fix: Avoid unresolvable os-autoinst-devel-test package for SLE-SP7
* feat: expose detect_serial_marker_capability as public
* chore(mergify): adjust expectations to current OBS checks
* style(perlcritic): Add BuiltinFunctions::RequireBlockGrep
- Update to version 5.1781620242.0160257:
* fix: Fix comment about OVMF firmware locations
* fix(test): fix Test::More precedence in autotest
* git subrepo pull (merge) --force external/os-autoinst-common
* feat: Avoid silent fallback to MS certs with `UEFI_PFLASH_CERTS`
* fix: Fix enrolling cert in UEFI firmware vars for SecureBoot
- Update to version 5.1780506677.7bacdcd:
* test: enable pretty serial markers in full-stack test
* test: replace Core 7.2 ISO with bash-remastered version
* test: add script to remaster Core ISO with bash
* feat!: fail by default if always_rollback is not supported
* fix: Clean up the last VM disks to avoid disk image creation failure
* fix: script_run - type command and marker together on serial console
* fix: fail explicitly on test module basename collisions
- Update to version 5.1780410333.aed07e0:
* fix(test): use linuxboot_dma.bin in 18-backend-qemu.t
* feat: consolidate tidy targets into CMake
* fix: fail explicitly on test module basename collisions
* feat(mouse_drag): use the clickpoints
* test: allow to configure full-stack test output directory
* test: allow shortening long typing in full-stack tests
- Update to version 5.1780332012.6ee8da2:
* chore(AGENTS.md): phrase tidying as mandatory
* feat(mouse_drag): use the clickpoints
* test: allow to configure full-stack test output directory
* test: allow shortening long typing in full-stack tests
* chore: video_stream: accept ustreamer version 8
- Update to version 5.1779973703.70686ac:
* ci: Use CI container in fullstack test as well
* feat: Log details about relevant port if cmd srv cannot be started
* refactor: Move function to get port details to OS utils
* refactor: Use Feature::Compat::Try consistently
* perf: use sourcing for efficient pretty serial marker activation
* fix: Fix condition for devel/deps packages
* feat: use efficient OA_NO_MARKER skip flag for pretty serial markers
* refactor: use __oa_prompt shell function for pretty serial markers
* feat: warn on manual serial terminal redirection in script_run
- Update to version 5.1779461317.d4fb5bd:
* refactor: Use Feature::Compat::Try consistently
* perf: use sourcing for efficient pretty serial marker activation
* fix: Fix condition for devel/deps packages
* fix: Fix condition for Lua support
* ci: Build packages for SLE 15 SP7 instead of SP6 which reached EOL
* ci: Remove package builds for Leap 15.6 as it reached EOL
* feat: use efficient OA_NO_MARKER skip flag for pretty serial markers
- Update to version 5.1778246511.7a6bac3:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* style: unify copyright headers by dropping years
- Update to version 5.1778097909.35320dd:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* style: unify copyright headers by dropping years
- Update to version 5.1778069368.c751b82:
* feat(qemu): improve port conflict detection and VNC error diagnostics
* fix: restore serial marker hook after switching users
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* fix: re-install serial marker hook after console reset
- Update to version 5.1777891128.f572829:
* fix: handle pre-marker pending text in script_output
* fix: echo json_cmd_token in isotovideo responses
* fix: re-install serial marker hook after console reset
* fix: support pretty_serial_markers in script_output regex
* fix(test): handle D-Bus AccessDenied in Open vSwitch test
- Update to version 5.1777537682.913fce0:
* fix: re-install serial marker hook after console reset
* fix: support pretty_serial_markers in script_output regex
* feat: disable storage check in CI environments
* fix(test): handle D-Bus AccessDenied in Open vSwitch test
* fix: Avoid restarting openvswitch/NM after OVS bridge setup
* refactor: import IO::Socket::UNIX explicitly wherever is used
- Update to version 5.1776943886.0619ca6:
* feat: add absolute storage threshold to prevent over-conservative
aborts
* style: Enforce ProhibitNegativeExpressionsInUnlessAndUntilConditions
* style: Enforce perlcritic policy BuiltinFunctions::ProhibitStringySplit
* style: Enforce perlcritic policy BuiltinFunctions::RequireBlockMap
* git subrepo pull (merge) --force external/os-autoinst-common
* chore(mergify): Update required number of successful checks
- Update to version 5.1776765124.5d91657:
* feat: fail explicitly if always_rollback is not supported
* feat: add unique hash to pretty serial markers
* feat: include executed command in step details and serial markers
* docs: explain assert_screen semantics with multiple tags
* feat(debugviewer): Move to /usr/lib
* feat(snd2png): Move to /usr/lib
* feat: Prefer modules in CASEDIR/lib over test module paths
- Update to version 5.1776179508.bd2644d:
* feat: abort test with incomplete if requested HDD size > threshold
* chore: Remove obsolete HashKeyQuotes module
* chore(deps): Remove obsolete Freenode::StrictWarnings policy
* fix(manpages): Fix the output of pod2man
* chore(ci): bump checkout v4->v6
- Update to version 5.1776074266.6a6c5ee:
* fix(manpages): Fix the output of pod2man
* fix(t/08-autotest.t): Fix FTBFS for reproducible builds
* chore(ci): bump checkout v4->v6
* fix: prevent deprecation warning about "spurt"
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe
* refactor: early returns in _detect_serial_marker_capability
- Update to version 5.1775932217.bd11042:
* fix: prevent deprecation warning about "spurt"
* feat(edid): Add virtio-vga-gl support
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe
- Update to version 5.1775744546.1ee50c6:
* style(llm): use indented heredocs for better readability
* refactor: consolidate logic in _detect_serial_marker_capability
* style: use non-capturing group for BASH version detection
* fix(distribution): make PRETTY_SERIAL_MARKER reboot-safe
* refactor: early returns in _detect_serial_marker_capability
* fix(consoles): support newer x3270 versions
* refactor: unconditionally import LLM analysis to fix coverage
* feat(llm): integrate LLM analysis into isotovideo
* feat(llm): add core LLM failure analysis module and tests
- Update to version 5.1775569433.3681116:
* fix(consoles): support newer x3270 versions
* refactor: unconditionally import LLM analysis to fix coverage
* feat(llm): integrate LLM analysis into isotovideo
* feat(llm): add core LLM failure analysis module and tests
* fix(t/34-git): make test resilient to default branch name changes
* chore(AGENTS.md): extend with better proactive style following
- Update to version 5.1774620706.b22e21b:
* feat: Add option to add signatures
* style: Add tool to add Mojo::Base include automatically
* test: Add CoverageWorkaround.pm
* test: Use Syntax::Keyword::Try::Deparse to avoid warnings
* chore: Reduce permissions of remaining workflow
* test: skip t/ files in Test::Compile syntax check
* refactor: Deduplicate svirt tests in t/22-svirt.t
- Update to version 5.1774551362.dd2a78c:
* feat(svirt): add "stop_vm" in consoles::sshVirtsh
* feat: correct isotovideo handle_shutdown log calls
* refactor(consoles/sshVirtsh): properly concatenate remote_vmm
* feat(svirt): retry disk create also in case of copy-img
* chore: Reduce permissions of workflows
* feat(VNC): Add AltGr key
- Update to version 5.1774435114.41aff24:
* style: Remove superfluous use of strict
* git subrepo pull (merge) --force external/os-autoinst-common
* Revert "style: Remove local Perl::Critic::Policy::HashKeyQuotes"
* style: Remove local Perl::Critic::Policy::HashKeyQuotes
* style: Add xt/02-perlcritic.t
* style: Fix Community::WhileDiamondDefaultAssignment
* style: Fix various no strict / no critic violations
* style: Fix OpenQA::HashKeyQuotes
* style: Fix OpenQA::SpaceAfterSubroutineName
* style: Fix ProhibitConditionalDeclarations
* style: Disable OpenQA::RedundantStrictWarning temporarily
- Update to version 5.1774283485.5af53fe:
* Revert "style: Remove local Perl::Critic::Policy::HashKeyQuotes"
* style: Remove local Perl::Critic::Policy::HashKeyQuotes
* style: Add xt/02-perlcritic.t
* style: Fix Community::WhileDiamondDefaultAssignment
* fix(ci): correct import of commit-message-checker
* style: Fix various no strict / no critic violations
* style: Fix OpenQA::HashKeyQuotes
- Update to version 5.1774101470.e82b4cb:
* feat: implement 'always_run' test flag
* refactor: use gitlint from os-autoinst-common
* git subrepo pull (merge) --force external/os-autoinst-common
* feat(snd2png): restore erroneously deleted test
* style: fix copyright in crop.py
* chore: remove unused pyproject line
* chore(deps): Add PPI to development dependencies
* chore(snd2png): update test.png.md5.original based on current snd2png
* test(full-stack): optimize execution time by reducing timeouts
* feat(vnc): make connection retry sleep configurable
* feat: add configurable secret key hiding support
- Update to version 5.1773429030.ba0de6e:
* fix: Correct number of internal test_count
* chore(AGENTS.md): add customized file
* chore(deps): add perl-Test-Perl-Critic dependency for parallel
execution
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* docs: convert doc/backend_vars.asciidoc to Markdown
* docs: convert README.asciidoc to Markdown
* docs: convert doc/memorydumps.asciidoc to Markdown
* feat: add gitlint pre-commit setup
- Update to version 5.1773327169.ae7c574:
* chore(AGENTS.md): add customized file
* chore(deps): add perl-Test-Perl-Critic dependency for parallel
execution
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* docs: convert doc/backend_vars.asciidoc to Markdown
* docs: convert README.asciidoc to Markdown
* docs: convert doc/memorydumps.asciidoc to Markdown
* feat: add gitlint pre-commit setup
- Update to version 5.1773245056.43fc8f0:
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* fix: restore author tests in CI and optimize git message check
* docs: convert doc/backend_vars.asciidoc to Markdown
- Update to version 5.1773054031.9ab699d:
* chore(deps): Update perltidy
* fix: Remove logger message from else condition
* style: Use single quotes for strings without interpolation
* fix: restore author tests in CI and optimize git message check
* refactor: move scheduling rules out of basetest::is_applicable
- Update to version 5.1772729929.93a4b15:
* feat: normalize gre tunnel script for NetworkManager and wicked
* refactor: use more Mojo::File operations in commands.pm
* refactor: use more Mojo::File operations in bmwqemu.pm
* refactor: use more Mojo::File operations in t/
* refactor: move scheduling rules out of basetest::is_applicable
* feat: add EXIT_AFTER_MODULE to stop after a specified module
- Update to version 5.1772663930.9a9bd7d:
* feat: add EXIT_AFTER_MODULE to stop after a specified module
* fix: Update gre_tunnel_preup script to support NetworkManager
* feat: Handle timeout when typing command in `background_script_run`
* feat: Allow opting-out of check when typing command in `script_run`
* feat: Handle timeout when typing command in `script_run`
* test: implement conventional commits check with gitlint
- Update to version 5.1772097392.f4e2912:
* fix: Update gre_tunnel_preup script to support NetworkManager
* build(Makefile): add top-level help target
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
- Update to version 5.1771958644.63a1790:
* build(Makefile): add top-level help target
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* parse_extra_log: Allow passing additional args to upload_logs
- Update to version 5.1771858186.01b8328:
* test: implement conventional commits check with gitlint
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
- Update to version 5.1771520411.2601197:
* fix: Fix wrong uses of "checkout" that should be "check out"
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs
- Update to version 5.1771353921.c8005c9:
* git subrepo pull (merge) --force external/os-autoinst-common
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs
* refactor: Distinguish tests by the script path in `loadtest`
* refactor: Simplify approach for avoiding redefine warnings
- Update to version 5.1770715824.6a80a85:
* style: Fix crop.py style issues
* workaround: Remove "get_mempolicy" warning from qemu-img output
* parse_extra_log: Allow passing additional args to upload_logs
* refactor: Distinguish tests by the script path in `loadtest`
* refactor: Simplify approach for avoiding redefine warnings
* test: Allow running tests with `Test::Warningsparse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* setup-multi-machine: extend network service detection
- Update to version 5.1753993900.1487e47:
* backend: Use tpm-tis-device for TPM as default
* Require openssh-clients for git clone with ssh
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing
- Update to version 5.1753467593.10e57cf:
* Require openssh-clients for git clone with ssh
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing
* setup-multi-machine: extend network service detection
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
- Update to version 5.1752671185.6fc0c66:
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* t: use mock not redefine for lua_set
* t: make autotest tests pass if lua and/or python are missing
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks
- Update to version 5.1752576096.2a4e8ff:
* Avoid running `$basetest->parse_serial_output_qemu` without checks
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
- Update to version 5.1752222511.9791c75:
* setup-multi-machine: extend network service detection
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
- Update to version 5.1751897761.d55ec72:
* CI: Enable Leap 16.0 OBS build checks
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
- Update to version 5.1751470028.ff900af:
* Autodetect default ethernet dev/br in os-autoinst-setup-multi-machine
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue
- Update to version 5.1751292366.cb60853:
* Fix category generation for paths to lua test modules
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
- Update to version 5.1750841733.3fc0bf7:
* Update Perl::Tidy to 20250616.0.0
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
* VMWare-related code made compatible with non-GNU ps
- Update to version 5.1750149141.e9a7b3a:
* generalhw: fix is_shutdown signature
* Workaround coverage issue
* Rename `$mock_main` to `$mock_ovs` in OVS unit test
* Extend logging in OVS service to debug its occasional unresponsiveness
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps
- Update to version 5.1750077297.e0e64ba:
* generalhw: fix is_shutdown signature
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps
* Fix error from stricter Git permission checks when checking repo URL
* VMware new routine provide_image_vmware_in_ds
* ci: Remove workaround for Devel::Cover
* Require Inline::Lua
* Add support for lua test modules
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build
* Add dependency perl-Test-CheckGitStatus
- Update to version 5.1749816802.bfdf10e:
* Support Wait() timeout message from newer versions of x3270
* VMWare-related code made compatible with non-GNU ps
* Fix error from stricter Git permission checks when checking repo URL
* generalhw: implement is_shutdown
* doc: Fix casing in GENERAL_HW_* descriptions
- Update to version 5.1749203452.c6860a3:
* generalhw: implement is_shutdown
* doc: Fix casing in GENERAL_HW_* descriptions
* VMware new routine provide_image_vmware_in_ds
* ci: Remove workaround for Devel::Cover
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build
* Add dependency perl-Test-CheckGitStatus
* t: Catch output in 23-baseclass.t
* ci: Ensure 100% coverage without threshold
* Fix coverage for package statements
* Create link to the common prove_wrapper
* Sync os-autoinst-common with the subrepo external/os-autoinst-common
* Handle unhandled output from qemu and openvswitch tests
* Mitigate perl version mismatch on test case
* Try to increase pipe size for external video encoder
* Avoid warning about uninitialized value
* video_stream: add RGBBGR swapping support
* t: fix frame format used in video_stream
* video_stream: use ustreamer --persistent
* tinycv: scale starting search position if size is different
* Avoid sporadic test failures of fullstack test
* Wrap prove to prevent unhandled output
- Update to version 5.1748859519.44e4a9e:
* ci: Remove workaround for Devel::Cover
* Require Inline::Lua
* Add support for lua test modules
* Use CPAN module Test::CheckGitStatus
* Apply macro to support upcoming opensuse/sle 16 build
- Update to version 5.1747913329.a855b3a:
* t: Catch output in 23-baseclass.t
* ci: Ensure 100% coverage without threshold
* Fix coverage for package statements
* Create link to the common prove_wrapper
* Sync os-autoinst-common with the subrepo external/os-autoinst-common
* Try to increase pipe size for external video encoder
* Avoid warning about uninitialized value
* video_stream: add RGBBGR swapping support
* t: fix frame format used in video_stream
* video_stream: use ustreamer --persistent
* tinycv: scale starting search position if size is different
* Avoid sporadic test failures of fullstack test
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-235=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
openQA-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-auto-update-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-bootstrap-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-bash-completion-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-client-zsh-completion-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-common-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-continuous-update-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-doc-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-llm-server-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-local-db-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-mcp-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-munin-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-python-scripts-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-single-instance-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-single-instance-nginx-5.1782486535.1bf71ec4-bp157.2.9.1
openQA-worker-5.1782486535.1bf71ec4-bp157.2.9.1
os-autoinst-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-debuginfo-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-debugsource-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-openvswitch-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-swtpm-5.1782809557.0ae98f8-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (x86_64):
os-autoinst-qemu-kvm-5.1782809557.0ae98f8-bp157.2.3.1
os-autoinst-qemu-x86-5.1782809557.0ae98f8-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-25547.html
https://bugzilla.suse.com/1244139
https://bugzilla.suse.com/1245378
https://bugzilla.suse.com/1245379
https://bugzilla.suse.com/1257852
https://bugzilla.suse.com/1258632
https://bugzilla.suse.com/1259005
https://bugzilla.suse.com/1264376
openSUSE-SU-2026:0237-1: moderate: Security update for transmission
openSUSE Security Update: Security update for transmission
_______________________________
Announcement ID: openSUSE-SU-2026:0237-1
Rating: moderate
References: #1267404
Cross-References: CVE-2026-38978
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for transmission fixes the following issues:
- CVE-2026-38978: add clickjack safeguards when serving http responses
(boo#1267404).
- Update to 4.0.6:
+ Improved parsing HTTP tracker announce response. (#6223)
+ Fixed 4.0.0 bug that caused some user scripts to have an invalid
TR_TORRENT_TRACKERS environment variable. (#6434)
+ Fixed 4.0.0 bug where alt-speed-enabled had no effect in
settings.json. (#6483)
+ Fixed 4.0.0 bug where the GTK client's "Use authentication"
option was not saved between's sessions. (#6514)
+ Fixed 4.0.0 bug where the filename for single-file torrents aren't
sanitized. (#6846)
+ Fixed 4.0.0 bug where piece size description text and slider state in
torrent creation dialog are not always up-to-date.
+ Fixed build when compiling with GTKMM 4. (#6393)
+ Added the launchable desktop-id to metainfo files. (#6779)
+ Fixed build when compiling on BSD. (#6812)
+ Fixed a 4.0.0 bug where the infinite ratio symbol was displayed
incorrectly in the WebUI. (#6491, #6500)
+ Fixed layout issue in speed display. (#6570)
+ General UI improvement related to filterbar and fixes download/upload
speed info wrap. (#6761)
+ Fixed a couple of logging issues. (#6463)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-237=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
transmission-4.0.6-bp157.2.3.1
transmission-daemon-4.0.6-bp157.2.3.1
transmission-gtk-4.0.6-bp157.2.3.1
transmission-qt-4.0.6-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (noarch):
system-user-transmission-4.0.6-bp157.2.3.1
transmission-common-4.0.6-bp157.2.3.1
transmission-gtk-lang-4.0.6-bp157.2.3.1
transmission-qt-lang-4.0.6-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-38978.html
https://bugzilla.suse.com/1267404
SUSE-SU-2026:2809-1: moderate: Security update for systemd
# Security update for systemd
Announcement ID: SUSE-SU-2026:2809-1
Release Date: 2026-07-09T06:08:36Z
Rating: moderate
References:
* bsc#1261400
* bsc#1261982
* bsc#1261983
* bsc#1267647
Cross-References:
* CVE-2026-40226
CVSS scores:
* CVE-2026-40226 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40226 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40226 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves one vulnerability and has three security fixes can now be
installed.
## Description:
This update for systemd fixes the following issue
Security issues fixed:
* CVE-2026-40226: nspawn: escape-to-host via malformed optional config file
(bsc#1261400).
Other updates and bugfixes:
* Import commit 37508f8ec1 (bsc#1267647).
* Import commit c7530fbea3 (bsc#1261982 bsc#1261983).
* Import commit 5c4ed461a7 (bsc#1261982).
* Import commit 4b963df038 (bsc#1261983).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2809=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2809=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2809=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2809=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2809=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2809=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-mini-doc-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* libudev-mini1-249.17-150400.8.64.1
* nss-systemd-249.17-150400.8.64.1
* systemd-mini-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-mini-debuginfo-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libudev-mini1-debuginfo-249.17-150400.8.64.1
* systemd-portable-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libsystemd0-mini-debuginfo-249.17-150400.8.64.1
* systemd-experimental-249.17-150400.8.64.1
* systemd-testsuite-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-mini-devel-249.17-150400.8.64.1
* systemd-coredump-debuginfo-249.17-150400.8.64.1
* systemd-mini-container-debuginfo-249.17-150400.8.64.1
* systemd-network-debuginfo-249.17-150400.8.64.1
* systemd-mini-debuginfo-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* systemd-devel-249.17-150400.8.64.1
* nss-systemd-debuginfo-249.17-150400.8.64.1
* systemd-experimental-debuginfo-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* udev-mini-249.17-150400.8.64.1
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* systemd-testsuite-debuginfo-249.17-150400.8.64.1
* systemd-mini-debugsource-249.17-150400.8.64.1
* systemd-mini-sysvinit-249.17-150400.8.64.1
* systemd-coredump-249.17-150400.8.64.1
* nss-myhostname-249.17-150400.8.64.1
* systemd-doc-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-mini-container-249.17-150400.8.64.1
* nss-myhostname-debuginfo-249.17-150400.8.64.1
* systemd-portable-debuginfo-249.17-150400.8.64.1
* libsystemd0-mini-249.17-150400.8.64.1
* systemd-network-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* openSUSE Leap 15.4 (x86_64)
* nss-myhostname-32bit-debuginfo-249.17-150400.8.64.1
* libudev1-32bit-249.17-150400.8.64.1
* libudev1-32bit-debuginfo-249.17-150400.8.64.1
* nss-myhostname-32bit-249.17-150400.8.64.1
* systemd-32bit-249.17-150400.8.64.1
* systemd-32bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-32bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-32bit-249.17-150400.8.64.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* nss-myhostname-64bit-debuginfo-249.17-150400.8.64.1
* systemd-64bit-debuginfo-249.17-150400.8.64.1
* libudev1-64bit-249.17-150400.8.64.1
* systemd-64bit-249.17-150400.8.64.1
* nss-myhostname-64bit-249.17-150400.8.64.1
* libudev1-64bit-debuginfo-249.17-150400.8.64.1
* libsystemd0-64bit-249.17-150400.8.64.1
* libsystemd0-64bit-debuginfo-249.17-150400.8.64.1
* openSUSE Leap 15.4 (noarch)
* systemd-lang-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* systemd-journal-remote-debuginfo-249.17-150400.8.64.1
* udev-249.17-150400.8.64.1
* systemd-sysvinit-249.17-150400.8.64.1
* systemd-container-249.17-150400.8.64.1
* systemd-debugsource-249.17-150400.8.64.1
* systemd-debuginfo-249.17-150400.8.64.1
* systemd-container-debuginfo-249.17-150400.8.64.1
* systemd-journal-remote-249.17-150400.8.64.1
* udev-debuginfo-249.17-150400.8.64.1
* libsystemd0-249.17-150400.8.64.1
* libudev1-debuginfo-249.17-150400.8.64.1
* libsystemd0-debuginfo-249.17-150400.8.64.1
* libudev1-249.17-150400.8.64.1
* systemd-249.17-150400.8.64.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40226.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261400
* https://bugzilla.suse.com/show_bug.cgi?id=1261982
* https://bugzilla.suse.com/show_bug.cgi?id=1261983
* https://bugzilla.suse.com/show_bug.cgi?id=1267647
SUSE-SU-2026:2810-1: moderate: Security update for glib-networking
# Security update for glib-networking
Announcement ID: SUSE-SU-2026:2810-1
Release Date: 2026-07-09T06:14:47Z
Rating: moderate
References:
* bsc#1267979
Cross-References:
* CVE-2026-10028
CVSS scores:
* CVE-2026-10028 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-10028 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-10028 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
An update that solves one vulnerability can now be installed.
## Description:
This update for glib-networking fixes the following issue
* CVE-2026-10028: two certificates which are each signed by the other can lead
to an infinite loop (bsc#1267979).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2810=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2810=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2810=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2810=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2810=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2810=1
## Package List:
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* glib-networking-64bit-2.70.1-150400.3.3.1
* glib-networking-64bit-debuginfo-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* glib-networking-32bit-debuginfo-2.70.1-150400.3.3.1
* glib-networking-32bit-2.70.1-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* glib-networking-lang-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* glib-networking-2.70.1-150400.3.3.1
* glib-networking-debuginfo-2.70.1-150400.3.3.1
* glib-networking-debugsource-2.70.1-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10028.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267979
SUSE-SU-2026:2811-1: important: Security update for python-maturin
# Security update for python-maturin
Announcement ID: SUSE-SU-2026:2811-1
Release Date: 2026-07-09T06:25:49Z
Rating: important
References:
* bsc#1270208
* bsc#1270515
* bsc#1270620
* bsc#1270706
* bsc#1270772
* bsc#1270801
* bsc#1270936
* bsc#1270994
Cross-References:
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41677 ( SUSE ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-41678 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41681 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( NVD ): 8.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41898 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42327 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44662 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45784 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
* openSUSE Leap 15.6
An update that solves eight vulnerabilities can now be installed.
## Description:
This update for python-maturin fixes the following issues
* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270208).
* CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when
returning an oversized length (bsc#1270620).
* CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds
assertion in `aes::unwrap_key()` (bsc#1270706).
* CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller
buffer with no length check (bsc#1270772).
* CVE-2026-41898: openssl: unchecked callback-returned length in PSK and
cookie generate trampolines can leak adjacent memory to the network
(bsc#1270801).
* CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders`
for certificates with non-UTF-8 OCSP URLs (bsc#1270515).
* CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-
wrap-with-padding due to incorrectly sized output buffers (bsc#1270936).
* CVE-2026-45784: openssl: out-of-bounds write in
`CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers due to
incorrectly sized output buffer (bsc#1270994).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2811=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* python311-maturin-1.4.0-150600.3.15.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270208
* https://bugzilla.suse.com/show_bug.cgi?id=1270515
* https://bugzilla.suse.com/show_bug.cgi?id=1270620
* https://bugzilla.suse.com/show_bug.cgi?id=1270706
* https://bugzilla.suse.com/show_bug.cgi?id=1270772
* https://bugzilla.suse.com/show_bug.cgi?id=1270801
* https://bugzilla.suse.com/show_bug.cgi?id=1270936
* https://bugzilla.suse.com/show_bug.cgi?id=1270994
openSUSE-SU-2026:11213-1: moderate: dirmngr-2.5.21-1.1 on GA media
# dirmngr-2.5.21-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11213-1
Rating: moderate
Cross-References:
* CVE-2026-57062
CVSS scores:
* CVE-2026-57062 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-57062 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the dirmngr-2.5.21-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* dirmngr 2.5.21-1.1
* gpg2 2.5.21-1.1
* gpg2-lang 2.5.21-1.1
* gpg2-tpm 2.5.21-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-57062.html
openSUSE-SU-2026:11212-1: moderate: go1.25-1.25.12-1.1 on GA media
# go1.25-1.25.12-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11212-1
Rating: moderate
Cross-References:
* CVE-2026-39822
* CVE-2026-42505
CVSS scores:
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the go1.25-1.25.12-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* go1.25 1.25.12-1.1
* go1.25-doc 1.25.12-1.1
* go1.25-race 1.25.12-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
openSUSE-SU-2026:11214-1: moderate: kernel-devel-7.1.3-1.1 on GA media
# kernel-devel-7.1.3-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11214-1
Rating: moderate
Cross-References:
* CVE-2026-53359
* CVE-2026-53362
CVSS scores:
* CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53359 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the kernel-devel-7.1.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kernel-devel 7.1.3-1.1
* kernel-macros 7.1.3-1.1
* kernel-source 7.1.3-1.1
* kernel-source-vanilla 7.1.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-53359.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
openSUSE-SU-2026:11211-1: moderate: fluidsynth-2.5.6-1.1 on GA media
# fluidsynth-2.5.6-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11211-1
Rating: moderate
Cross-References:
* CVE-2026-58264
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the fluidsynth-2.5.6-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* fluidsynth 2.5.6-1.1
* fluidsynth-devel 2.5.6-1.1
* libfluidsynth3 2.5.6-1.1
* libfluidsynth3-32bit 2.5.6-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-58264.html
openSUSE-SU-2026:11206-1: moderate: sccache-0.16.0~0-2.1 on GA media
# sccache-0.16.0~0-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11206-1
Rating: moderate
Cross-References:
* CVE-2026-41676
CVSS scores:
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the sccache-0.16.0~0-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* sccache 0.16.0~0-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
openSUSE-SU-2026:11205-1: moderate: rustup-1.28.2~0-4.1 on GA media
# rustup-1.28.2~0-4.1 on GA media
Announcement ID: openSUSE-SU-2026:11205-1
Rating: moderate
Cross-References:
* CVE-2026-41676
CVSS scores:
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the rustup-1.28.2~0-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* rustup 1.28.2~0-4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
openSUSE-SU-2026:11210-1: moderate: cargo-c-0.10.23-1.1 on GA media
# cargo-c-0.10.23-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11210-1
Rating: moderate
Cross-References:
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 8 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cargo-c 0.10.23-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html