SUSE Linux has received two security updates: SUSE-SU-2025:0382-1, a critical upgrade for podman, and SUSE-SU-2025:0056-1, a moderate update for trivy:

SUSE-SU-2025:0382-1: important: Security update for podman
openSUSE-SU-2025:0056-1: moderate: Security update for trivy

SUSE-SU-2025:0382-1: important: Security update for podman

# Security update for podman

Announcement ID: SUSE-SU-2025:0382-1
Release Date: 2025-02-07T08:44:14Z
Rating: important
References:

* bsc#1236270

Cross-References:

* CVE-2024-11218

CVSS scores:

* CVE-2024-11218 ( SUSE ): 8.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-11218 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-11218 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for podman fixes the following issues:

* CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race
condition when building a malicious Containerfile. (bsc#1236270)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-382=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-382=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-382=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-382=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-382=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-382=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-382=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-382=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* openSUSE Leap 15.5 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* openSUSE Leap 15.6 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* Containers Module 15-SP6 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* podman-docker-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* podmansh-4.9.5-150500.3.31.1
* podman-debuginfo-4.9.5-150500.3.31.1
* podman-4.9.5-150500.3.31.1
* podman-remote-debuginfo-4.9.5-150500.3.31.1
* podman-remote-4.9.5-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* podman-docker-4.9.5-150500.3.31.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11218.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236270

openSUSE-SU-2025:0056-1: moderate: Security update for trivy

openSUSE Security Update: Security update for trivy
_______________________________

Announcement ID: openSUSE-SU-2025:0056-1
Rating: moderate
References: #1227010 #1234512 #1235265
Cross-References: CVE-2024-34155 CVE-2024-34156 CVE-2024-34158
CVE-2024-3817 CVE-2024-45337 CVE-2024-45338
CVE-2025-21613 CVE-2025-21614
CVSS scores:
CVE-2024-34155 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-34156 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-34158 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-45337 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-45338 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-21613 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for trivy fixes the following issues:

Update to version 0.58.2 (

boo#1234512, CVE-2024-45337, boo#1235265, CVE-2024-45338):

* fix(misconf): allow null values only for tf variables [backport:
release/v0.58] (#8238)
* fix(suse): SUSE - update OSType constants and references for
compatility [backport: release/v0.58] (#8237)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection
via the URL field [backport: release/v0.58] (#8215)
* fix(sbom): attach nested packages to Application [backport:
release/v0.58] (#8168)
* fix(python): skip dev group's deps for poetry [backport:
release/v0.58] (#8158)
* fix(sbom): use root package for `unknown` dependencies (if exists)
[backport: release/v0.58] (#8156)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0`
[backport: release/v0.58] (#8142)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to
`v0.9.2` [backport: release/v0.58] (#8136)
* fix(redhat): correct rewriting of recommendations for the same
vulnerability [backport: release/v0.58] (#8135)
* fix(oracle): add architectures support for advisories [backport:
release/v0.58] (#8125)
* fix(sbom): fix wrong overwriting of applications obtained from
different sbom files but having same app type [backport:
release/v0.58] (#8124)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport:
release/v0.58] (#8122)
* fix: handle `BLOW_UNKNOWN` error to download DBs [backport:
release/v0.58] (#8121)
* fix(java): correctly overwrite version from depManagement if
dependency uses `project.*` props [backport: release/v0.58] (#8119)
* release: v0.58.0 [main] (#7874)
* fix(misconf): wrap AWS EnvVar to iac types (#7407)
* chore(deps): Upgrade trivy-checks (#8018)
* refactor(misconf): Remove unused options (#7896)
* docs: add terminology page to explain Trivy concepts (#7996)
* feat: add `workspaceRelationship` (#7889)
* refactor(sbom): simplify relationship generation (#7985)
* docs: improve databases documentation (#7732)
* refactor: remove support for custom Terraform checks (#7901)
* docs: drop AWS account scanning (#7997)
* fix(aws): change CPU and Memory type of ContainerDefinition to a
string (#7995)
* fix(cli): Handle empty ignore files more gracefully (#7962)
* fix(misconf): load full Terraform module (#7925)
* fix(misconf): properly resolve local Terraform cache (#7983)
* refactor(k8s): add v prefix for Go packages (#7839)
* test: replace Go checks with Rego (#7867)
* feat(misconf): log causes of HCL file parsing errors (#7634)
* chore(deps): bump the aws group across 1 directory with 7 updates
(#7991)
* chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in
the docker group across 1 directory (#7990)
* chore(deps): update csaf module dependency from csaf-poc to gocsaf
(#7992)
* chore: downgrade the failed block expand message to debug (#7964)
* fix(misconf): do not erase variable type for child modules (#7941)
* feat(go): construct dependencies of `go.mod` main module in the parser
(#7977)
* feat(go): construct dependencies in the parser (#7973)
* feat: add cvss v4 score and vector in scan response (#7968)
* docs: add `overview` page for `others` (#7972)
* fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM
Package Maintainer Details (#7871)
* feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
* chore(deps): bump the common group with 4 updates (#7949)
* feat(oracle): add `flavors` support (#7858)
* fix(misconf): Update trivy-checks default repo to `mirror.gcr.io`
(#7953)
* chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
* fix(k8s): check all results for vulnerabilities (#7946)
* ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0
(#7945)
* feat(secret): Add built-in secrets rules for Private Packagist (#7826)
* docs: Fix broken links (#7900)
* docs: fix mistakes/typos (#7942)
* feat: Update registry fallbacks (#7679)
* fix(alpine): add `UID` for removed packages (#7887)
* chore(deps): bump the aws group with 6 updates (#7902)
* chore(deps): bump the common group with 6 updates (#7904)
* fix(debian): infinite loop (#7928)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/`
contains files that are not `contentSets` files (#7912)
* docs: add note about temporary podman socket (#7921)
* docs: combine trivy.dev into trivy docs (#7884)
* test: change branch in spdx schema link to check in integration tests
(#7935)
* docs: add Headlamp to the Trivy Ecosystem page (#7916)
* fix(report): handle `git@github.com` schema for misconfigs in `sarif`
report (#7898)
* chore(k8s): enhance k8s scan log (#6997)
* fix(terraform): set null value as fallback for missing variables
(#7669)
* fix(misconf): handle null properties in CloudFormation templates
(#7813)
* fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
* chore(deps): bump the common group across 1 directory with 20 updates
(#7876)
* chore: bump containerd to v2.0.0 (#7875)
* fix: Improve version comparisons when build identifiers are present
(#7873)
* feat(k8s): add default commands for unknown platform (#7863)
* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1
(#7868)
* refactor(secret): optimize performance by moving ToLower operation
outside loop (#7862)
* test: save `containerd` image into archive and use in tests (#7816)
* chore(deps): bump the github-actions group across 1 directory with 2
updates (#7854)
* chore: bump golangci-lint to v1.61.0 (#7853)

- Update to version 0.57.1:
* release: v0.57.1 [release/v0.57] (#7943)
* feat: Update registry fallbacks [backport: release/v0.57] (#7944)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/`
contains files that are not `contentSets` files [backport:
release/v0.57] (#7939)
* test: change branch in spdx schema link to check in integration tests
[backport: release/v0.57] (#7940)
* release: v0.57.0 [main] (#7710)
* chore: lint `errors.Join` (#7845)
* feat(db): append errors (#7843)
* docs(java): add info about supported scopes (#7842)
* docs: add example of creating whitelist of checks (#7821)
* chore(deps): Bump trivy-checks (#7819)
* fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
* fix(k8s): skip resources without misconfigs (#7797)
* fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX`
formats (#7811)
* fix(cli): add config name to skip-policy-update alias (#7820)
* fix(helm): properly handle multiple archived dependencies (#7782)
* refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration
scanning (#7776)
* fix(k8s)!: support k8s multi container (#7444)
* fix(k8s): support kubernetes v1.31 (#7810)
* docs: add Windows install instructions (#7800)
* ci(helm): auto public Helm chart after PR merged (#7526)
* feat: add end of life date for Ubuntu 24.10 (#7787)
* feat(report): update gitlab template to populate operating_system
value (#7735)
* feat(misconf): Show misconfig ID in output (#7762)
* feat(misconf): export unresolvable field of IaC types to Rego (#7765)
* refactor(k8s): scan config files as a folder (#7690)
* fix(license): fix license normalization for Universal Permissive
License (#7766)
* fix: enable usestdlibvars linter (#7770)
* fix(misconf): properly expand dynamic blocks (#7612)
* feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)
* fix(misconf): fix for Azure Storage Account network acls adaptation
(#7602)
* refactor(misconf): simplify k8s scanner (#7717)
* feat(parser): ignore white space in pom.xml files (#7747)
* test: use forked images (#7755)
* fix(java): correctly inherit `version` and `scope` from upper/root
`depManagement` and `dependencies` into parents (#7541)
* fix(misconf): check if property is not nil before conversion (#7578)
* fix(misconf): change default ACL of digitalocean_spaces_bucket to
private (#7577)
* feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
* test: define constants for test images (#7739)
* docs: add note about disabled DS016 check (#7724)
* feat(misconf): public network support for Azure Storage Account (#7601)
* feat(cli): rename `trivy auth` to `trivy registry` (#7727)
* docs: apt-transport-https is a transitional package (#7678)
* refactor(misconf): introduce generic scanner (#7515)
* fix(cli): `clean --all` deletes only relevant dirs (#7704)
* feat(cli): add `trivy auth` (#7664)
* fix(sbom): add options for DBs in private registries (#7660)
* docs(report): fix reporting doc format (#7671)
* fix(repo): `git clone` output to Stderr (#7561)
* fix(redhat): include arch in PURL qualifiers (#7654)
* fix(report): Fix invalid URI in SARIF report (#7645)
* docs(report): Improve SARIF reporting doc (#7655)
* fix(db): fix javadb downloading error handling (#7642)
* feat(cli): error out when ignore file cannot be found (#7624)

- Update to version 0.56.2:
* release: v0.56.2 [release/v0.56] (#7694)
* fix(redhat): include arch in PURL qualifiers [backport: release/v0.56]
(#7702)
* fix(sbom): add options for DBs in private registries [backport:
release/v0.56] (#7691)

- Update to version 0.56.1:
* release: v0.56.1 [release/v0.56] (#7648)
* fix(db): fix javadb downloading error handling [backport:
release/v0.56] (#7646)
* release: v0.56.0 [main] (#7447)
* fix(misconf): not to warn about missing selectors of libraries (#7638)
* feat: support RPM archives (#7628)
* fix(secret): change grafana token regex to find them without unquoted
(#7627)
* fix(misconf): Disable deprecated checks by default (#7632)
* chore: add prefixes to log messages (#7625)
* feat(misconf): Support `--skip-*` for all included modules (#7579)
* feat: support multiple DB repositories for vulnerability and Java DB
(#7605)
* ci: don't use cache for `setup-go` (#7622)
* test: use loaded image names (#7617)
* feat(java): add empty versions if `pom.xml` dependency versions can't
be detected (#7520)
* feat(secret): enhance secret scanning for python binary files (#7223)
* refactor: fix auth error handling (#7615)
* ci: split `save` and `restore` cache actions (#7614)
* fix(misconf): disable DS016 check for image history analyzer (#7540)
* feat(suse): added SUSE Linux Enterprise Micro support (#7294)
* feat(misconf): add ability to disable checks by ID (#7536)
* fix(misconf): escape all special sequences (#7558)
* test: use a local registry for remote scanning (#7607)
* fix: allow access to '..' in mapfs (#7575)
* fix(db): check `DownloadedAt` for `trivy-java-db` (#7592)
* chore(deps): bump the common group across 1 directory with 20 updates
(#7604)
* ci: add `workflow_dispatch` trigger for test workflow. (#7606)
* ci: cache test images for `integration`, `VM` and `module` tests
(#7599)
* chore(deps): remove broken replaces for opa and discovery (#7600)
* docs(misconf): Add more info on how to use arbitrary JSON/YAML scan
feat (#7458)
* fix(misconf): Fixed scope for China Cloud (#7560)
* perf(misconf): use port ranges instead of enumeration (#7549)
* fix(sbom): export bom-ref when converting a package to a component
(#7340)
* refactor(misconf): pass options to Rego scanner as is (#7529)
* fix(sbom): parse type `framework` as `library` when unmarshalling
`CycloneDX` files (#7527)
* chore(deps): bump go-ebs-file (#7513)
* fix(misconf): Fix logging typo (#7473)
* feat(misconf): Register checks only when needed (#7435)
* refactor: split `.egg` and `packaging` analyzers (#7514)
* fix(java): use `dependencyManagement` from root/child pom's for
dependencies from parents (#7497)
* chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and
`CVE-2024-34158` in `trivy.openvex.json` (#7510)
* chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508)
* chore(vex): suppress openssl vulnerabilities (#7500)
* revert(java): stop supporting of `test` scope for `pom.xml` files
(#7488)
* docs(db): add a manifest example (#7485)
* feat(license): improve license normalization (#7131)
* docs(oci): Add a note About the expected Media Type for the Trivy-DB
OCI Artifact (#7449)
* fix(report): fix error with unmarshal of
`ExperimentalModifiedFindings` (#7463)
* fix(report): change a receiver of MarshalJSON (#7483)
* fix(oracle): Update EOL date for Oracle 7 (#7480)
* chore(deps): bump the aws group with 6 updates (#7468)
* chore(deps): bump the common group across 1 directory with 19 updates
(#7436)
* chore(helm): bump up Trivy Helm chart (#7441)
* refactor(java): add error/statusCode for logs when we can't get
pom.xml/maven-metadata.xml from remote repo (#7451)
* fix(license): stop spliting a long license text (#7336)
* release: v0.55.0 [main] (#7271)
* feat(go): use `toolchain` as `stdlib` version for `go.mod` files
(#7163)
* fix(license): add license handling to JUnit template (#7409)
* feat(java): add `test` scope support for `pom.xml` files (#7414)
* chore(deps): Bump trivy-checks and pin OPA (#7427)
* fix(helm): explicitly define `kind` and `apiVersion` of
`volumeClaimTemplate` element (#7362)
* feat(sbom): set User-Agent header on requests to Rekor (#7396)
* test: add integration plugin tests (#7299)
* fix(nodejs): check all `importers` to detect dev deps from
pnpm-lock.yaml file (#7387)
* fix: logger initialization before flags parsing (#7372)
* fix(aws): handle ECR repositories in different regions (#6217)
* fix(misconf): fix infer type for null value (#7424)
* fix(secret): use `.eyJ` keyword for JWT secret (#7410)
* fix(misconf): do not recreate filesystem map (#7416)
* chore(deps): Bump trivy-checks (#7417)
* fix(misconf): do not register Rego libs in checks registry (#7420)
* fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats
(#7403)
* feat(report): export modified findings in JSON (#7383)
* feat(server): Make Trivy Server Multiplexer Exported (#7389)
* chore: update CODEOWNERS (#7398)
* fix(secret): use only line with secret for long secret lines (#7412)
* chore: fix allow rule of ignoring test files to make it case
insensitive (#7415)
* feat(misconf): port and protocol support for EC2 networks (#7146)
* fix(misconf): do not filter Terraform plan JSON by name (#7406)
* feat(misconf): support for ignore by nested attributes (#7205)
* fix(misconf): use module to log when metadata retrieval fails (#7405)
* fix(report): escape `Message` field in `asff.tpl` template (#7401)
* feat(misconf): Add support for using spec from on-disk bundle (#7179)
* docs: add pkg flags to config file page (#7370)
* feat(python): use minimum version for pip packages (#7348)
* fix(misconf): support deprecating for Go checks (#7377)
* fix(misconf): init frameworks before updating them (#7376)
* feat(misconf): ignore duplicate checks (#7317)
* refactor(misconf): use slog (#7295)
* chore(deps): bump trivy-checks (#7350)
* feat(server): add internal `--path-prefix` flag for client/server mode
(#7321)
* chore(deps): bump the aws group across 1 directory with 7 updates
(#7358)
* fix: safely check if the directory exists (#7353)
* feat(misconf): variable support for Terraform Plan (#7228)
* feat(misconf): scanning support for YAML and JSON (#7311)
* fix(misconf): wrap Azure PortRange in iac types (#7357)
* refactor(misconf): highlight only affected rows (#7310)
* fix(misconf): change default TLS values for the Azure storage account
(#7345)
* chore(deps): bump the common group with 9 updates (#7333)
* docs(misconf): Update callsites to use correct naming (#7335)
* docs: update air-gapped docs (#7160)
* refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323)
* perf(misconf): optimize work with context (#6968)
* docs: update links to packaging.python.org (#7318)
* docs: update client/server docs for misconf and license scanning
(#7277)
* chore(deps): bump the common group across 1 directory with 7 updates
(#7305)
* feat(misconf): iterator argument support for dynamic blocks (#7236)
* fix(misconf): do not set default value for default_cache_behavior
(#7234)
* feat(misconf): support for policy and bucket grants (#7284)
* fix(misconf): load only submodule if it is specified in source (#7112)
* perf(misconf): use json.Valid to check validity of JSON (#7308)
* refactor(misconf): remove unused universal scanner (#7293)
* perf(misconf): do not convert contents of a YAML file to string (#7292)
* fix(terraform): add aws_region name to presets (#7184)
* docs: add auto-generated config (#7261)
* feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288)
* refactor(misconf): remove file filtering from parsers (#7289)
* fix(flag): incorrect behavior for deprected flag `--clear-cache`
(#7281)
* fix(java): Return error when trying to find a remote pom to avoid
segfault (#7275)
* fix(plugin): do not call GitHub content API for releases and tags
(#7274)
* feat(vm): support the Ext2/Ext3 filesystems (#6983)
* feat(cli)!: delete deprecated SBOM flags (#7266)
* feat(vm): Support direct filesystem (#7058)

- Update to version 0.51.1 (boo#1227010, CVE-2024-3817):

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-56=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

trivy-0.58.2-bp156.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-34155.html
https://www.suse.com/security/cve/CVE-2024-34156.html
https://www.suse.com/security/cve/CVE-2024-34158.html
https://www.suse.com/security/cve/CVE-2024-3817.html
https://www.suse.com/security/cve/CVE-2024-45337.html
https://www.suse.com/security/cve/CVE-2024-45338.html
https://www.suse.com/security/cve/CVE-2025-21613.html
https://www.suse.com/security/cve/CVE-2025-21614.html
https://bugzilla.suse.com/1227010
https://bugzilla.suse.com/1234512
https://bugzilla.suse.com/1235265