4 articles tagged #security
Trivy 0.70.0 shipped 17 April 2026, the first release after the March supply chain incident. It bundles new features, but the change that breaks CI silently is the rotated GPG key for deb/rpm.
Traefik 3.6.14 shipped 21 April 2026 with patches for five CVEs. One of them, CVE-2026-40912, lets unauthenticated requests bypass ForwardAuth, BasicAuth, and DigestAuth via percent-encoded prefix tricks.
Wazuh 4.14.5 shipped 23 April 2026. The release notes read like routine maintenance. Five GitHub security advisories published five days later say otherwise.
Wazuh 5.0 beta1 shipped April 2026 with a rewritten agent communication layer and a new built-in indexer. Upgrade from 4.x requires a full stack restart.