Files
packages/net
Alexandru Ardelean 71dc6b7bda kea: bump to 3.0.3
3.0.3 is a security/vulnerability release on the stable 3.0 series.

Notable fixes since 3.0.2:

* **CVE-2026-3608** — A large number of bracket pairs in a JSON payload
  sent to any endpoint caused a stack overflow during recursive parsing.
  The exploit does not need a syntactically valid command, so it bypasses
  RBAC and the command filters on the High-Availability endpoints
  (upstream #4275 / #4288 / #4387).

* Null dereference when configuring the Control Agent with a socket
  entry that lacks the mandatory ``socket-name`` is now caught
  (#4388, #4365).

* UNIX command sockets are created group-writable so Stork 2.4.0+ and
  other tooling using the configured group can talk to the daemon
  (#4398, #4260).

Upstream's release notes flag "no incompatible changes" and "no known
issues" for this bump.

All current patches still apply cleanly.

Release notes:
https://ftp.isc.org/isc/kea/3.0.3/Kea-3.0.3-ReleaseNotes.txt

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit eb538bd758)
2026-07-10 16:37:47 +02:00
..
2026-07-03 21:29:42 +02:00
2026-06-28 23:24:35 +02:00
2026-06-12 13:01:43 +02:00
2026-07-02 18:56:25 +02:00
2026-07-03 22:05:21 +02:00
2026-07-10 16:37:47 +02:00
2026-07-05 18:21:00 +03:00
2026-06-14 20:46:31 +03:00
2026-07-01 20:46:17 -03:00
2026-06-04 15:56:12 +03:00
2026-07-01 21:28:58 -07:00
2026-06-27 22:47:33 +02:00
2026-06-17 20:59:34 +02:00
2026-06-01 05:50:41 +02:00
2026-06-23 22:55:58 +08:00