27 May 2024

Bearsampp 2024.5.27 Released


Get yours today: Bearsampp 2024.5.27


25 May 2024
21 May 2024

Git 2.45.1 Security Release

Security release!

Git for Windows v2.45.1

Changes since Git for Windows v2.45.0 (April 29th 2024)

Git for Windows v2.45 is the last version to support Windows 7 and Windows 8; see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; its last official release is planned for 2025.

New Features

Bug Fixes

  • CVE-2024-32002: Recursive clones on case-insensitive filesystems that support
    symbolic links are susceptible to case confusion that can be exploited to
    execute just-cloned code during the clone operation.
  • CVE-2024-32004: Repositories can be configured to execute arbitrary code
    during local clones. To address this, the ownership checks introduced in
    v2.30.3 are now extended to cover cloning local repositories.
  • CVE-2024-32020: Local clones may end up hardlinking files into the target
    repository's object database when source and target repository reside on the
    same disk. If the source repository is owned by a different user, then those
    hardlinked files may be rewritten at any point in time by the untrusted user.
  • CVE-2024-32021: When cloning a local source repository that contains symlinks
    via the filesystem, Git may create hardlinks to arbitrary user-readable files
    on the same filesystem as the target repository in the objects/ directory.
  • CVE-2024-32465: It is supposed to be safe to clone untrusted repositories,
    even those unpacked from zip archives or tarballs originating from untrusted
    sources, but Git can be tricked to run arbitrary code as part of the clone.

  • Defense-in-depth: submodule: require the submodule path to contain
    directories only.
  • Defense-in-depth: clone: when symbolic links collide with directories, keep
    the latter.
  • Defense-in-depth: clone: prevent hooks from running during a clone.
  • Defense-in-depth: core.hooksPath: add some protection while cloning.
  • Defense-in-depth: fsck: warn about symlink pointing inside a gitdir.
  • Various fix-ups on HTTP tests.
  • HTTP Header redaction code has been adjusted for a newer version of cURL
    library that shows its traces differently from earlier versions.
  • Fix was added to work around a regression in libcURL 8.7.0 (which has already
    been fixed in their tip of the tree).
  • Replace macos-12 used at GitHub CI with macos-13.
  • ci(linux-asan/linux-ubsan): let's save some time
  • Tests with LSan from time to time seem to emit harmless message that makes
    our tests unnecessarily flakey; we work it around by filtering the
    uninteresting output.
  • Update GitHub Actions jobs to avoid warnings against using deprecated version
    of Node.js.

09 May 2024

Git 2.45.0 Released

Changes since Git for Windows v2.44.0 (February 23rd 2024)

Git for Windows v2.45 is the last version to support Windows 7 and Windows 8; see MSYS2's corresponding deprecation announcement (Git for Windows relies on MSYS2 for components such as Bash and Perl).

Please also note that the 32-bit variant of Git for Windows is deprecated; its last official release is planned for 2025.

New Features

Bug Fixes

25 Apr 2024

Composer April Releases

With this batch of Composer updates we have added the 2.7.0, 2.7.1, 2.7.2, 2.7.3, and 2.7.4 releases, and ALL Composer versions now come with PHPUnit included!

You will need to re-download any versions of Composer you may already have if you want PHPUnit included.

21 Apr 2024

PHP 8.3.1, 8.3.4 & 8.3.6 Released

Here are the PHP 8.3.x releases now available.

https://www.php.net/ChangeLog-8.php#PHP_8_3

21 Apr 2024

PHP 8.1.x & 8.2.x April Release

Here are the bug fix releases for PHP 8.1.x and 8.2.x.

PHP Versions:
8.1.27
8.1.28
8.2.14
8.2.17
8.2.18

https://www.php.net/ChangeLog-8.php

20 Apr 2024

PostgreSQL April 2024 Releases

There are plenty of releases for PostgreSQL and we have them here!

PostgreSQL Versions: 12.18 | 13.14 | 14.11 | 15.6 | 16.2

20 Apr 2024

MySQL 8.3 & 8.0.36 Released

Here is the release of MySQL 8.3.0 and the latest 8.0.36 release. These are bug fix releases.

Changelog: 8.0.36 | 8.3.0

Release: https://github.com/Bearsampp/module-mysql/releases/tag/2024.4.10

15 Apr 2024

NodeJS 18.20.2, 20.12.2 & 21.7.3 SECURITY RELEASE

Security release!

Wednesday, April 10, 2024 Security Releases

Rafael Gonzaga

Security releases available

Updates are now available for the 18.x, 20.x, 21.x Node.js release lines for the following issues.

Command injection via args parameter of child_process.spawn without shell option enabled on Windows (CVE-2024-27980) - (HIGH)

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

It is important to note that there has been a breaking change for Windows users who utilize child_process.spawn and child_process.spawnSync. Node.js will now error with EINVAL if a .bat or .cmd file is passed to child_process.spawn and child_process.spawnSync without the shell option set. If the input to spawn/spawnSync is sanitized, users can now pass { shell: true } as an option to prevent the occurrence of EINVAL errors.

While it is possible to also pass --security-revert=CVE-2024-27980 to revert the security patch, we strongly advise against doing so.

Impact:

  • This vulnerability affects all Windows users in active release lines: 18.x, 20.x, 21.x

Thank you to ryotak for reporting this vulnerability and thank you Ben Noordhuis for fixing it.


Summary

The Node.js project will release new versions of the 18.x, 20.x, 21.x release lines on or shortly after Tuesday, April 9, 2024, in order to address:

  • 1 high severity issue.

Impact

The 18.x release line of Node.js is vulnerable to 1 high severity issue. The 20.x release line of Node.js is vulnerable to 1 high severity issue. The 21.x release line of Node.js is vulnerable to 1 high severity issue.

Release timing

Releases will be available on, or shortly after, Tuesday, April 9, 2024.

Contact and future updates

The current Node.js security policy can be found at https://nodejs.org/en/security/. Please follow the process outlined in https://github.com/nodejs/node/blob/master/SECURITY.md if you wish to report a vulnerability in Node.js.

Subscribe to the low-volume announcement-only nodejs-sec mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date on security vulnerabilities and security-related releases of Node.js and the projects maintained in the nodejs GitHub organization.

We have multiple releases out for NodeJS to address security issues. These are running on NPM 10.5.0 and it is highly recommended you update to these versions to mitigate the security risk.
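
For code affected by the child_process.spawn change described in the advisory above, here is an added example (not from the Node.js project or Bearsampp) of a wrapper that only opts in to { shell: true } for .bat/.cmd targets after every argument passes a strict allowlist. The names planSpawn, safeSpawn and SAFE_ARG are hypothetical, and the allowlist itself is an assumption to adapt to your own arguments.

```javascript
// Added example: decide how to spawn a command on patched Node.js versions.
// Assumption: arguments only need letters, digits and a few path characters.
// Spaces, quotes, % and cmd.exe metacharacters are rejected outright.
const SAFE_ARG = /^[A-Za-z0-9_.:\\\/=-]+$/;

// .bat and .cmd are the two extensions the advisory names (case-insensitive).
function isBatchFile(command) {
  return /\.(bat|cmd)$/i.test(command);
}

// Pure decision function: returns what to pass to spawn, or throws.
function planSpawn(command, args = [], platform = process.platform) {
  if (platform !== 'win32' || !isBatchFile(command)) {
    // Normal executables: keep the shell out of the picture entirely.
    return { command, args, options: { shell: false } };
  }
  // Batch files need shell: true after the fix, so the command line is
  // interpreted by cmd.exe. Validate the command path and every argument.
  const rejected = [command, ...args].filter(
    (value) => typeof value !== 'string' || !SAFE_ARG.test(value)
  );
  if (rejected.length > 0) {
    throw new Error(
      `refusing to run batch file, unsafe value(s): ${JSON.stringify(rejected)}`
    );
  }
  return { command, args, options: { shell: true } };
}

// Thin wrapper around the real API. child_process is loaded lazily so that
// planSpawn stays a pure function that can be unit-tested on any platform.
function safeSpawn(command, args = [], extraOptions = {}) {
  const { spawn } = require('node:child_process');
  const plan = planSpawn(command, args);
  // plan.options is spread last so callers cannot override the shell decision.
  return spawn(plan.command, plan.args, { ...extraOptions, ...plan.options });
}
```

Rejecting unexpected input is deliberate here: the wrapper fails closed instead of trying to escape arguments for cmd.exe.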

15 Apr 2024

phpPgAdmin 7.14.7 Released

15 Apr 2024

Ghostscript 10.03.0 Release

We have updated Ghostscript to 10.03.0, which is a bug fix release.

Changelog: https://ghostscript.readthedocs.io/en/gs10.03.0/News.html

Release: https://github.com/Bearsampp/module-ghostscript/releases/tag/2024.4.14
