15 Apr 2026

Bruno 3.2.2 Released!

Bug Fixes
Fixed custom root certificates not being recognized
Fixed app not loading on macOS
Improved Postman import to handle numeric values and unexpected auth/header formats
Fixed query parameters losing valueless vs empty value distinction on URL updates
Fixed status code and status text swap in response examples for v3.0.0 compatibility
Fixed XSS vulnerability in document renderer
Fixed multipart boundary duplication when custom boundary is specified
Fixed stale HTTP/HTTPS agent reuse on redirects
Fixed secret masking not reapplying after editor value changes
Improved system proxy fetching reliability

15 Apr 2026

Ruby 4.0.2-1 released

Added
Add more text to the startmenu buttons and more color to outputs.
Changed
Update to ruby-4.0.2, see release notes.
Update the SSL CA certificate list.
Change libssl-3.dll to libssl-3-arm64.dll on ARM64.

15 Apr 2026

Python 3.14.4 & 3.13.13 Released

Infrastructure:
setuptools-82.0.0
New Packages:
Upgraded Packages:

panel-1.8.9, streamlit-1.55.0, papermill-2.7.0
onnxruntime-1.24.0, google-genai-1.66.0, huggingface-hub-1.6.0
pyomo-6.10.0, pillow-12.1.1
Removed Packages:
Differences among builds:

only slimf (python-3.14 free-threading) has pandas-3.0.1, as pydeck is not fully compatible yet with pandas-3

12 Apr 2026

Git Security release

Security release!

Description

Summary

It is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.

Proof of Concept

An attacker who can control a server from which the attack's target clones a repository can extract the NTLM hash, which in turn allows brute-forcing the password. Steps to reproduce:

1- Run responder on host [attacker]
2- Run git clone [victim]
3- attacker receives user's NTLM hash


Impact

By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted.

References

This is a security fix release, addressing CVE-2025-66413.

CVE-2025-66413, Git for Windows: When a user clones a repository from an attacker-controlled server, Git may attempt NTLM authentication and disclose the user's NTLMv2 hash to the remote server. Since NTLM hashing is weak, the captured hash can potentially be brute-forced to recover the user's credentials. This is addressed by disabling NTLM authentication by default.

22 Mar 2026

PowerShell 7.6.0 Released!

General Cmdlet Updates and Fixes

  • Update PowerShell Profile DSC resource manifests to allow null for content (#26973)

Tests

  • Add GitHub Actions annotations for Pester test failures (#26969)
  • Fix Import-Module.Tests.ps1 to handle Arm32 platform (#26888)

Build and Packaging Improvements

Update to .NET SDK 10.0.201
  • Update v7.6 release branch to use .NET SDK 10.0.201 (#27041)
  • Create LTS package and non-LTS package for macOS for LTS releases (#27040)
  • Fix the container image for package pipelines (#27020)
  • Update Microsoft.PowerShell.PSResourceGet version to 1.2.0 (#27007)
  • Update LTS and Stable release settings in metadata (#27006)
  • Update branch for release (#26989)
  • Fix ConvertFrom-ClearlyDefinedCoordinates to handle API object coordinates (#26986)
  • Update NuGet package versions in cgmanifest.json to actually match the branch (#26982)
  • Bump actions/upload-artifact from 6 to 7 (#26979)
  • Split TPN manifest and Component Governance manifest (#26978)
  • Bump github/codeql-action from 4.32.4 to 4.32.6 (#26975)
  • Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#26974)
  • Hardcode Official templates (#26972)
  • Fix a preview detection test for the packaging script (#26971)
  • Add PMC packages for debian13 and rhel10 (#26917)
  • Add version in description and pass store task on failure (#26889)
  • Exclude .exe packages from publishing to GitHub (#26887)
  • Correct the package name for .deb and .rpm packages (#26884)

18 Mar 2026

March Bearsampp Release

Continuing our performance improvement series.

This time we focus on startup performance.

  • restart by @N6REJ in #673
  • Feb by @N6REJ in #668
  • Added Enhanced mode for quickpick for faster installs
  • 30% improvement to Startup Times post 1st start
  • enhance security across codebase
  • Toggle Enhanced mode from within localhost or bearsampp.conf

07 Mar 2026

Mailpit 1.29.2 Released!

Security release!

This security release fixes CVE-2026-27808: users could use the Link Check API to probe internal network IPs/hostnames. The exploit required user access to both the API and the SMTP server, so the risk is limited to users who have publicly-accessible Mailpit instances with no authentication on both the API and SMTP server.

Key change:

  • New opt-in flag: --allow-internal-http-requests (env MP_ALLOW_INTERNAL_HTTP_REQUESTS=true). When enabled, the Link Check API and UI screenshot proxy may access internal-network IPs.

Action required:

  • This is potentially breaking for test suites that depend on Link Check probing internal resources - review and update tests as needed.

A huge thanks to the security researcher (@rtvkiz) who reported this issue responsibly.
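The default-deny behaviour described above can be enforced at connect time, after DNS resolution, so that hostnames and redirects pointing at internal addresses are also caught. This is an added example, not Mailpit's own code: the function names are hypothetical, `allowInternal` stands in for the `--allow-internal-http-requests` opt-in, and the address list is constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

var errInternal = errors.New("link check: destination is an internal address")

// isInternal reports whether ip is loopback, private, link-local,
// unspecified or multicast. Not exhaustive (e.g. CGNAT ranges are not covered).
func isInternal(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified() || ip.IsMulticast()
}

// checkDialAddress vets the resolved "ip:port" the dialer is about to connect to.
func checkDialAddress(address string, allowInternal bool) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("link check: unexpected dial address %q: %w", address, err)
	}
	if !allowInternal && isInternal(ap.Addr()) {
		return errInternal
	}
	return nil
}

// newLinkCheckClient returns an HTTP client whose every connection,
// including those made while following redirects, passes checkDialAddress.
func newLinkCheckClient(allowInternal bool) *http.Client {
	d := &net.Dialer{
		Timeout: 5 * time.Second,
		Control: func(_, address string, _ syscall.RawConn) error {
			return checkDialAddress(address, allowInternal)
		},
	}
	// No Proxy is configured, so the dialer always sees the real destination.
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Constructed sample destinations.
	for _, a := range []string{"127.0.0.1:8025", "[::ffff:192.168.1.10]:80", "169.254.169.254:80", "93.184.216.34:443"} {
		fmt.Printf("%-26s default=%v opt-in=%v\n", a, checkDialAddress(a, false), checkDialAddress(a, true))
	}
	_ = newLinkCheckClient(false)
}
```

Checking in the dialer's `Control` hook rather than on the URL string means the decision is made on the address actually being connected to, not on what the hostname resolved to at validation time.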

Changelog:

Security

  • Prevent Server-Side Request Forgery (SSRF) via Link Check API (CVE-2026-27808)

Chore

  • Upgrade eslint JavaScript linting
  • Update Go dependencies
  • Update node dependencies
  • Update caniemail test database

Fix

  • Update install instructions when setting INSTALL_PATH
  • Include 8BITMIME in SMTPD EHLO response (#648)
