Caddy Update Announcement for Fedora 42
Fedora Linux 42 has released a new update for the Caddy web server, version 2.10.0, aimed at addressing several critical vulnerabilities (CVEs). This update is part of Fedora’s ongoing commitment to security and stability.
- Version: 2.10.0
- Release: 1.fc42
- Release Date: April 29, 2025
- Official Website: [Caddy Server](https://caddyserver.com)
- CVE-2025-22872: Involves incorrect neutralization of input during web page generation.
- CVE-2024-45339: Relates to a vulnerability when creating log files.
- CVE-2025-22869: Concerns denial of service threats in the key exchange process.
*This announcement serves as a reminder of the importance of keeping software up to date, especially in the realm of web security where vulnerabilities can have far-reaching consequences.
Fedora Linux 42 has released a new update for the Caddy web server, version 2.10.0, aimed at addressing several critical vulnerabilities (CVEs). This update is part of Fedora’s ongoing commitment to security and stability.
Update Details:
- Package Name: caddy- Version: 2.10.0
- Release: 1.fc42
- Release Date: April 29, 2025
- Official Website: [Caddy Server](https://caddyserver.com)
Summary of the Update:
The update not only introduces new features from the upstream version but also refreshes numerous bundled dependencies, thereby resolving significant security issues. The specific vulnerabilities addressed in this release include:- CVE-2025-22872: Involves incorrect neutralization of input during web page generation.
- CVE-2024-45339: Relates to a vulnerability when creating log files.
- CVE-2025-22869: Concerns denial of service threats in the key exchange process.
Installation Instructions:
Users can easily install the update using the `dnf` package manager by executing the following command:bashsu -c 'dnf upgrade --advisory FEDORA-2025-4518c12e2f'For additional guidance, users can refer to the [dnf documentation](http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label).
Security Assurance:
All packages provided in this update are signed with the Fedora Project GPG key, ensuring their integrity and authenticity. More information about the GPG keys can be found on the [Fedora Project website](https://fedoraproject.org/keys).Conclusion:
It is recommended that all users of Fedora 42 promptly update to Caddy version 2.10.0 to enhance security and take advantage of the latest features. Regular updates are crucial for maintaining a secure and efficient web hosting environment.*This announcement serves as a reminder of the importance of keeping software up to date, especially in the realm of web security where vulnerabilities can have far-reaching consequences.
Caddy update for Fedora 42
New Caddy packages have been made available for Fedora Linux 42 to resolve several CVEs.
[SECURITY] Fedora 42 Update: caddy-2.10.0-1.fc42
