Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
We're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:
- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.
Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html
Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
@gknauss I think the thing is to move to 18.7.3, which is patched.
For devices running versions of iOS prior to 18.6, DarkSword uses CVE-2025-31277, a JIT optimization/type confusion bug which was patched by Apple in iOS 18.6. For devices running iOS 18.6-18.7, DarkSword uses CVE-2025-43529, a garbage collection bug in the Data Flow Graph (DFG) JIT layer of JavaScriptCore which was patched by Apple in iOS 18.7.3 and 26.2 after it was reported by GTIG. Both exploits develop their own fakeobj/addrof primitives, and then build arbitrary read/write primitives the same way on top of them.
I'm unaware of a compelling reason or hardware limitation to not upgrade from 18.6 to 18.7
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
We're released Netty 4.2.11 and 4.1.132. These contain many bug fixes, and fixes for two CVEs both rated *high*:
- CVE-2026-33871: HTTP/2 CONTINUATION frame flood Denial of Service.
- CVE-2026-33870: HTTP/1.1 Request Smuggling vulnerability in chunked encoding parsing.
Release notes for 4.2.11: https://netty.io/news/2026/03/24/4-2-11-Final.html
Release notes for 4.1.132: https://netty.io/news/2026/03/24/4-1-132-Final.html
Also of note: We had 17 people contribute to Netty 4.2.11, of which 5 are new first time contributors 😲
Overview
- Microsoft
- Microsoft SQL Server 2016 Service Pack 3 (GDR)
Description
Statistics
- 1 Post
Fediverse
Overview
- angular
- angular-cli
Description
Statistics
- 1 Post
Overview
- Microsoft
- .NET 10.0
Description
Statistics
- 1 Post
Fediverse
Overview
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.
Packages and container images provided by ISC will be updated later today.
In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:
https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591
Thanks for using ISC's software!
Overview
Description
Statistics
- 1 Post
- 3 Interactions
Fediverse
ISC's March 2026 maintenance releases of BIND 9 are available at https://isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.
Packages and container images provided by ISC will be updated later today.
In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:
https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591
Thanks for using ISC's software!