Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cpp-httplib for openSUSE:Factory 
checked in at 2026-07-06 12:27:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cpp-httplib (Old)
 and      /work/SRC/openSUSE:Factory/.cpp-httplib.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cpp-httplib"

Mon Jul  6 12:27:53 2026 rev:21 rq:1363564 version:0.49.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/cpp-httplib/cpp-httplib.changes  2026-06-10 
15:45:23.393415778 +0200
+++ /work/SRC/openSUSE:Factory/.cpp-httplib.new.1982/cpp-httplib.changes        
2026-07-06 12:28:34.367562799 +0200
@@ -1,0 +2,34 @@
+Thu Jul  2 17:21:58 UTC 2026 - Marius Grossu <[email protected]>
+
+- Update to 0.49.0:
+  * Escape special characters (", CR, LF) in multipart field names and 
filenames when serializing multipart/form-data bodies to prevent header 
injection attacks
+  * Escape CR/LF in MultipartFormData::content_type values before writing them 
to part headers
+  * Add public MultipartFormDataWriter for multipart body serialization 
outside the standard client methods
+  * Make the ThreadPool idle timeout for dynamic threads configurable via a 
new constructor parameter
+  * Replace locale-dependent character classification with ASCII-specific 
helpers across multipart validation, token checks, URI encoding, range parsing, 
and IPv4 detection (#2482, #2483)
+  * Remove the default port from the WebSocket handshake Host header per RFC 
6455 §4.1 and fix IPv6 literal bracketing (#2480)
+  * Fix query string handling when path encoding is disabled — the query is 
now sent verbatim instead of being decoded and re-encoded (#2479)
+  * Fix unsigned accumulator in base64_encode to avoid undefined behavior with 
high-bit bytes (#2477)
+  * Fix meson build failure on glibc >= 2.34 where getaddrinfo_a is built into 
libc (#2484)
+- 0.48.0:
+  * Complete the IP-host certificate identity fix for the Mbed TLS and wolfSSL 
backends: IP-literal hosts are now authenticated only via a matching iPAddress 
SAN, never via Common Name; add IPv6 (16-byte) iPAddress SAN matching (#2476)
+  * Replace the strtod-based quality-value parser with a locale-independent 
hand-written parser to handle comma-decimal locales correctly (#2475)
+  * Fix OpenSSL 4.0 deprecation warnings by using X509_STORE_get1_objects() 
and X509_NAME_get_index_by_NID()
+  * decode_query_component() now uses strict hex parsing, rejecting non-hex 
characters following % (e.g. %-1, %+5) (#2472)
+  * Add new OSS-Fuzz fuzzer targets for multipart parsing (#2473)
+- 0.47.0:
+  * Fix TLS certificate chain verification bypass for IP-literal hosts on the 
Mbed TLS and wolfSSL backends where chain validation was skipped entirely or 
not performed post-handshake
+  * Disable SNI for IP hosts on Mbed TLS and wolfSSL per RFC 6066
+  * Add Server::set_start_handler() callback invoked when the server is ready 
to accept connections
+  * Add Client/SSLClient/WebSocketClient::enable_system_ca(bool) to load 
system CA certificates alongside a custom CA (#2471)
+  * Add WebSocketClient::set_hostname_addr_map() for IP-specific connection 
while maintaining the hostname for handshake/verification (#2463)
+  * Request body is now read after route matching and the pre-request handler 
(route matching -> pre-request handler -> body read -> handler), so requests 
rejected by the pre-request handler no longer buffer the body
+  * WebSocketClient with a custom CA no longer merges system certificates 
(call enable_system_ca(true) for that behavior)
+  * Range request headers are now ignored for streaming responses of unknown 
length (#2465)
+  * Fix SSLClient::set_ca_cert_store() breaking custom-CA exclusivity and 
system certificates being silently merged
+  * Fix WebSocketClient dropping the query string during the upgrade handshake 
(#2468)
+  * Fix use-after-free when reconnecting WebSocketClient after 
set_ca_cert_store() and a related memory leak
+  * Fix MSVC C4309 truncation warning in the SHA padding code (#2464)
+  * Cast to unsigned char before ctype calls in is_hex and is_token_char to 
avoid undefined behavior (#2469)
+
+-------------------------------------------------------------------

Old:
----
  cpp-httplib-0.46.1.tar.gz

New:
----
  cpp-httplib-0.49.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cpp-httplib.spec ++++++
--- /var/tmp/diff_new_pack.Jp7xC5/_old  2026-07-06 12:28:35.143589722 +0200
+++ /var/tmp/diff_new_pack.Jp7xC5/_new  2026-07-06 12:28:35.147589860 +0200
@@ -17,10 +17,10 @@
 #
 
 
-%define         sover 0.46
-%define         libver 0_46
+%define         sover 0.49
+%define         libver 0_49
 Name:           cpp-httplib
-Version:        0.46.1
+Version:        0.49.0
 Release:        0
 Summary:        A C++11 HTTP/HTTPS server and client library
 License:        MIT

++++++ cpp-httplib-0.46.1.tar.gz -> cpp-httplib-0.49.0.tar.gz ++++++
++++ 3142 lines of diff (skipped)

Reply via email to