
SUSE Linux has received several security updates, including moderate updates for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1, ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1, helmfile-0.170.0-1.1, and ruby3.4-rubygem-railties-8.0-8.0.1-1.1, and an important update for gh.

SUSE-SU-2025:0215-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-containe ...
SUSE-SU-2025:0217-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadprox ...
SUSE-SU-2025:0214-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-containe ...
SUSE-SU-2025:0216-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadprox ...
openSUSE-SU-2025:0021-1: important: Security update for gh
openSUSE-SU-2025:14672-1: moderate: ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14677-1: moderate: ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14679-1: moderate: ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14668-1: moderate: ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14671-1: moderate: ruby3.4-rubygem-actionpack-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14667-1: moderate: nvidia-modprobe-565.77-1.1 on GA media
openSUSE-SU-2025:14666-1: moderate: helmfile-0.170.0-1.1 on GA media
openSUSE-SU-2025:14680-1: moderate: ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14676-1: moderate: ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14674-1: moderate: ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media
openSUSE-SU-2025:14673-1: moderate: ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media




SUSE-SU-2025:0215-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-containe ...


# Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

Announcement ID: SUSE-SU-2025:0215-1
Release Date: 2025-01-22T02:52:54Z
Rating: moderate
References:

* bsc#1232762
* jsc#PED-10545

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that contains one feature and has one security fix can now be
installed.

## Description:

This update for kubevirt, virt-api-container, virt-controller-container,
virt-exportproxy-container, virt-exportserver-container, virt-handler-container,
virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container, virt-pr-helper-container fixes the following issues:

Update to version 1.4.0

* Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.4.0
* Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545)
* Drop packages: iptables, lsscsi, and socat
* Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-215=1 openSUSE-SLE-15.6-2025-215=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-215=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
  * kubevirt-virt-controller-1.4.0-150600.5.12.1
  * kubevirt-container-disk-1.4.0-150600.5.12.1
  * kubevirt-virt-exportproxy-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-handler-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-operator-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-exportproxy-1.4.0-150600.5.12.1
  * kubevirt-virt-launcher-1.4.0-150600.5.12.1
  * kubevirt-virt-api-1.4.0-150600.5.12.1
  * kubevirt-virt-controller-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-launcher-debuginfo-1.4.0-150600.5.12.1
  * obs-service-kubevirt_containers_meta-1.4.0-150600.5.12.1
  * kubevirt-tests-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virtctl-1.4.0-150600.5.12.1
  * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-pr-helper-conf-1.4.0-150600.5.12.1
  * kubevirt-virt-api-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-operator-1.4.0-150600.5.12.1
  * kubevirt-tests-1.4.0-150600.5.12.1
  * kubevirt-virt-exportserver-debuginfo-1.4.0-150600.5.12.1
  * kubevirt-virt-exportserver-1.4.0-150600.5.12.1
  * kubevirt-virt-handler-1.4.0-150600.5.12.1
  * kubevirt-manifests-1.4.0-150600.5.12.1
  * kubevirt-container-disk-debuginfo-1.4.0-150600.5.12.1
* Containers Module 15-SP6 (aarch64 x86_64)
  * kubevirt-manifests-1.4.0-150600.5.12.1
  * kubevirt-virtctl-1.4.0-150600.5.12.1
  * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1232762
* https://jira.suse.com/browse/PED-10545



SUSE-SU-2025:0217-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadprox ...


# Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont

Announcement ID: SUSE-SU-2025:0217-1
Release Date: 2025-01-22T02:53:58Z
Rating: moderate
References:

* jsc#PED-10545

Affected Products:

* Containers Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that contains one feature can now be installed.

## Description:

This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:

Update to version 1.61.0:

* Release notes:
  * https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.61.0
  * https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.4
  * https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.3
  * https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.2
* Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545)
* Install nbdkit-server to avoid pulling unneeded dependencies

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-217=1 openSUSE-SLE-15.6-2025-217=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-217=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
  * containerized-data-importer-uploadproxy-1.61.0-150600.3.12.1
  * containerized-data-importer-uploadproxy-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-uploadserver-1.61.0-150600.3.12.1
  * containerized-data-importer-uploadserver-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-operator-1.61.0-150600.3.12.1
  * containerized-data-importer-api-1.61.0-150600.3.12.1
  * containerized-data-importer-operator-debuginfo-1.61.0-150600.3.12.1
  * obs-service-cdi_containers_meta-1.61.0-150600.3.12.1
  * containerized-data-importer-cloner-1.61.0-150600.3.12.1
  * containerized-data-importer-importer-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-controller-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-controller-1.61.0-150600.3.12.1
  * containerized-data-importer-cloner-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-api-debuginfo-1.61.0-150600.3.12.1
  * containerized-data-importer-importer-1.61.0-150600.3.12.1
  * containerized-data-importer-manifests-1.61.0-150600.3.12.1
* Containers Module 15-SP6 (aarch64 x86_64)
  * containerized-data-importer-manifests-1.61.0-150600.3.12.1

## References:

* https://jira.suse.com/browse/PED-10545



SUSE-SU-2025:0214-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-containe ...


# Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t

Announcement ID: SUSE-SU-2025:0214-1
Release Date: 2025-01-22T02:52:11Z
Rating: moderate
References:

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that can now be installed.

## Description:

This update for kubevirt, virt-api-container, virt-controller-container,
virt-exportproxy-container, virt-exportserver-container, virt-handler-container,
virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container, virt-pr-helper-container fixes the following issues:

* Drop packages: iptables, lsscsi and socat
* rebuild against current GO

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-214=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-214=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-214=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-214=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-214=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-214=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * kubevirt-virt-api-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1
  * kubevirt-virt-controller-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-container-disk-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virt-exportproxy-1.2.2-150500.8.24.1
  * kubevirt-virt-api-1.2.2-150500.8.24.1
  * kubevirt-tests-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virt-operator-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-pr-helper-conf-1.2.2-150500.8.24.1
  * kubevirt-virt-launcher-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virt-handler-1.2.2-150500.8.24.1
  * kubevirt-container-disk-1.2.2-150500.8.24.1
  * kubevirt-virt-controller-1.2.2-150500.8.24.1
  * kubevirt-virt-handler-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virt-operator-1.2.2-150500.8.24.1
  * kubevirt-virt-exportserver-1.2.2-150500.8.24.1
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * obs-service-kubevirt_containers_meta-1.2.2-150500.8.24.1
  * kubevirt-virt-exportproxy-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-virt-launcher-1.2.2-150500.8.24.1
  * kubevirt-tests-1.2.2-150500.8.24.1
  * kubevirt-virt-exportserver-debuginfo-1.2.2-150500.8.24.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * kubevirt-virtctl-1.2.2-150500.8.24.1
  * kubevirt-virtctl-debuginfo-1.2.2-150500.8.24.1
  * kubevirt-manifests-1.2.2-150500.8.24.1



SUSE-SU-2025:0216-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadprox ...


# Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont

Announcement ID: SUSE-SU-2025:0216-1
Release Date: 2025-01-22T02:53:22Z
Rating: moderate
References:

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that can now be installed.

## Description:

This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:

* Install nbdkit-server to avoid pulling unneeded dependencies
* rebuild against current GO

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-216=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-216=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-216=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-216=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-216=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-216=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * containerized-data-importer-controller-debuginfo-1.59.0-150500.6.21.1
  * containerized-data-importer-operator-debuginfo-1.59.0-150500.6.21.1
  * containerized-data-importer-cloner-1.59.0-150500.6.21.1
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1
  * containerized-data-importer-uploadserver-1.59.0-150500.6.21.1
  * containerized-data-importer-importer-1.59.0-150500.6.21.1
  * containerized-data-importer-operator-1.59.0-150500.6.21.1
  * containerized-data-importer-api-debuginfo-1.59.0-150500.6.21.1
  * containerized-data-importer-uploadserver-debuginfo-1.59.0-150500.6.21.1
  * containerized-data-importer-importer-debuginfo-1.59.0-150500.6.21.1
  * containerized-data-importer-uploadproxy-debuginfo-1.59.0-150500.6.21.1
  * obs-service-cdi_containers_meta-1.59.0-150500.6.21.1
  * containerized-data-importer-controller-1.59.0-150500.6.21.1
  * containerized-data-importer-uploadproxy-1.59.0-150500.6.21.1
  * containerized-data-importer-api-1.59.0-150500.6.21.1
  * containerized-data-importer-cloner-debuginfo-1.59.0-150500.6.21.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * containerized-data-importer-manifests-1.59.0-150500.6.21.1



openSUSE-SU-2025:0021-1: important: Security update for gh


openSUSE Security Update: Security update for gh
_______________________________

Announcement ID: openSUSE-SU-2025:0021-1
Rating: important
References: #1233387
Cross-References: CVE-2024-52308
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for gh fixes the following issues:

- Update to version 2.65.0:
* Bump cli/go-gh for indirect security vulnerability
* Panic mustParseTrackingRef if format is incorrect
* Move trackingRef into pr create package
* Make tryDetermineTrackingRef tests more respective of reality
* Rework tryDetermineTrackingRef tests
* Avoid pointer return from determineTrackingBranch
* Doc determineTrackingBranch
* Don't use pointer for determineTrackingBranch branchConfig
* Panic if tracking ref can't be reconstructed
* Document and rework pr create tracking branch lookup
* Upgrade generated workflows
* Fixed test for stdout in non-tty use case of repo fork
* Fix test
* Alternative: remove LocalBranch from BranchConfig
* Set LocalBranch even if the git config fails
* Add test for permissions check for security and analysis edits (#1)
* print repo url to stdout
* Update pkg/cmd/auth/login/login.go
* Move mention of classic token to correct line
* Separate type declarations
* Add mention of classic token in gh auth login docs
* Update pkg/cmd/repo/create/create.go
* docs(repo): make explicit which branch is used when creating a repo
* fix(repo fork): add non-TTY output when fork is newly created
* Move api call to editRun
* Complete get -> list renaming
* Better error testing for autolink TestListRun
* Decode instead of unmarshal
* Use 'list' instead of 'get' for autolink list type and method
* Remove NewAutolinkClient
* Break out autolink list json fields test
* PR nits
* Refactor autolink subcommands into their own packages
* Whitespace
* Refactor out early return in test code
* Add testing for AutoLinkGetter
* Refactor autolink list and test to use http interface for simpler
testing
* Apply PR comment changes
* Introduce repo autolinks list commands
* Remove release discussion posts and clean up related block in
deployment yml
* Extract logic into helper function
* add pending status for workflow runs
* Feat: Allow setting security_and_analysis settings in gh repo edit
* Upgrade golang.org/x/net to v0.33.0
* Document SmartBaseRepoFunc
* Document BaseRepoFunc
* Update releasing.md
* Document how to set gh-merge-base

- Update to version 2.64.0:
* add test for different SAN and SourceRepositoryURI values
* add test for signerRepo and tenant
* add some more fields to test that san, sanregex are set properly
* Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6
* update san and sanregex configuration for readability
* reduce duplication when creating policy content
* tweak output of build policy info
* Name conditionals in PR finder
* Support pr view for intra-org forks
* Return err instead of silentError in merge queue check
* linting pointed out this var is no longer used
* Removed fun, but inaccessible ASCII header
* further tweaks to the long description
* Exit on pr merge with `-d` and merge queue
* Addressed PR review feedback; expanded Long command help string, used
ghrepo, clarified some abbreviations
* Update pkg/cmd/attestation/inspect/inspect.go
* Update gh auth commands to point to GitHub Docs
* Reformat ext install long
* Mention Windows quirk in ext install help text
* Fix error mishandling in local ext install
* Assert on err msg directly in ext install tests
* Clarify hosts in ext install help text
* Bump golang.org/x/crypto from 0.29.0 to 0.31.0
* Removed now redundant file
* minor tweak to language
* go mod tidy
* Deleted no-longer-used code.
* deleted now-invalid tests, added a tiny patina of new testing.
* Tightened up docs, deleted dead code, improved printing
* fix file name creation on windows
* wording
* hard code expected digest
* fix download test
* use bash shell with integration tests
* simplify var creation
* update integration test scripts
* fix: list branches in square brackets in gh codespace
* try nesting scripts
* run all tests in a single script
* windows for loop syntax
* use replaceAll
* update expected file path on windows
* run integration tests with windows specific syntax
* run all attestation cmd integration tests automatically
* Bump actions/attest-build-provenance from 1.4.4 to 2.1.0
* Improve error handling in apt setup script
* use different file name for attestation files on windows
* test(gh run): assert branch names are enclosed in square brackets
* docs: enhance help text and prompt for rename command
* Revert "Confirm auto-detected base branch"
* Confirm auto-detected base branch
* Merge changes from #10004
* Set gh-merge-base from `issue develop`
* Open PR against gh-merge-base
* Refactor extension executable error handling
* fix: list branches in square brackets in gh run view (#10038)
* docs: update description of command
* style: reformat files
* docs: update sentence case
* use github owned oci image
* docs: add mention of scopes help topic in `auth refresh` command help
* docs: add mention of scopes help topic in `auth login` command help
* docs: add help topic for auth scopes
* docs: improve help for browse command
* docs: improve docs for browse command as of #5352
* fix package reference
* add gh attestation verify integration test for oci bundles
* add integration test for bundle-from-oci option
* update tests
* update tests
* move content of verify policy options function into enforcement criteria
* comment
* try switch statement
* remove duplicate err checking
* get bundle issuer in another func
* more logic updating to remove nesting
* inverse logic for less nesting
* remove unneeded nesting
* wip, linting, getting tests to pass
* wording
* var naming
* drop table view
* order policy info so relevant info is printed next to each other
* Update pkg/cmd/attestation/verification/policy.go
* Update pkg/cmd/attestation/verification/policy.go
* Update pkg/cmd/attestation/verification/policy.go
* wip: added new printSummaryInspection
* Improve error handling for missing executable
* experiment with table output
* Assert stderr is empty in manager_test.go
* Update error message wording
* Change: exit zero, still print warning to stderr
* wording
* Improve docs on installing extensions
* Update language for missing extension executable
* Update test comments about Windows behavior
* wording
* wording
* wording
* add newlines for additional policy info
* Document requirements for local extensions
* Warn when installing local ext with no executable
* wording
* formatting
* print policy information before verifying
* add initial policy info method
* more wip poking around, now with table printing
* wip, gh at inspect will check the signature on the bundle
* wip: inspect now prints various bundle fields in a nice json

- Update to version 2.63.2:

* include alg with digest when fetching bundles from OCI
* Error for mutually exclusive json and watch flags
* Use safepaths for run download
* Use consistent slice ordering in run download tests
* Consolidate logic for isolating artifacts
* Fix PR checkout panic when base repo is not in remotes
* When renaming an existing remote in `gh repo fork`, log the change
* Improve DNF version clarity in install steps
* Fix formatting in client_test.go comments for linter
* Expand logic and tests to handle edge cases
* Refactor download testing, simpler file descends
* Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7
* Improve test names so there is no repetition
* Second attempt to address exploit

- Update to version 2.63.0:

* Add checkout test that uses ssh git remote url
* Rename backwards compatible credentials pattern
* Fix CredentialPattern doc typos
* Remove TODOs
* Fix typos and add tests for CredentialPatternFrom* functions
* Add SSH remote todo
* General cleanup and docs
* Allow repo sync fetch to use insecure credentials pattern
* Allow client fetch to use insecure credentials pattern
* Allow client push to use insecure credential pattern
* Allow client pull to use insecure credential pattern
* Allow opt-in to insecure pattern
* Support secure credential pattern
* Refactor error handling for missing "workflow" scope in createRelease
* ScopesResponder wraps StatusScopesResponder
* Refactor `workflow` scope checking
* pr feedback
* pr feedback
* Update pkg/cmd/attestation/verify/attestation_integration_test.go
* Apply suggestions from code review
* Refactor command documentation to use heredoc
* pr feedback
* remove unused test file
* undo change
* add more testing fixtures
* update test with new test bundle
* naming
* update test
* update test
* Fix README.md code block formatting
* clean up
* wrap sigstore and cert ext verification into a single function
* Adding option to return `baseRefOid` in `pr view`
* verify cert extensions function should return filtered result list
* pr feedback
* Update pkg/cmd/attestation/download/download.go
* fix function param calls
* Update pkg/cmd/attestation/verification/extensions.go
* Formatting fix
* Updated formatting to be more clear
* Updated markdown syntax for a `note`.
* Added a section on manual verification of the releases.
* Handle missing "workflow" scope in createRelease
* Modify push prompt on repo create when bare
* Doc push behaviour for bare repo create
* Push --mirror on bare repo create
* Add acceptance test for bare repo create
* Doc isLocalRepo and git.Client IsLocalRepo differences
* Use errWithExitCode interface in repo create isLocalRepo
* Backfill repo creation failure tests
* Support bare repo creation
* use logger println method
* simplify verifyCertExtensions
* rename type
* refactor fetch attestations funcs

- Update to version 2.62.0
* CVE-2024-52308: remote code execution (RCE) when users connect to a
malicious Codespace SSH server and use the gh codespace ssh or gh
codespace logs commands (boo#1233387, GHSA-p2h2-3vg9-4p87)
* Check extension for latest version when executed
* Shorten extension release checking from 3s to 1s

- includes changes from 2.61.0:
* Enhance gh repo edit command to inform users about consequences of
changing visibility and ensure users are intentional before making
irreversible changes

- Update to version 2.60.1:

* Note token redaction in Acceptance test README
* Refactor gpg-key delete to align with ssh-key delete
* Add acceptance tests for org command
* Adjust environment help for host and tokens (#9809)
* Add SSH Key Acceptance test
* Add Acceptance test for label command
* Add acceptance test for gpg-key
* Update go-internal to redact more token types in Acceptance tests
* Address PR feedback
* Clarify `gh` is available for GitHub Enterprise Cloud
* Remove comment from gh auth logout
* Add acceptance tests for auth-setup-git and formattedStringToEnv
helper func
* Use forked testscript for token redaction
* Use new GitHub preview terms in working-with-us.md
* Use new GitHub previews terminology in attestation
* Test json flags for repo view and list
* Clean up auth-login-logout acceptance test with native functionality
* Add --token flag to `gh auth login` to accept a PAT as a flag
* Setup acceptance testing for auth and tests for auth-token and
auth-status
* Update variable testscripts based on secret
* Check extOwner for no value instead
* Fix tests for invalid extension name
* Refactor to remove code duplication
* Linting: now that mockDataGenerator has an embedded mock, we ought to
have pointer receivers in its funcs.
* Minor tweaks, added backoff to getTrustDomain
* added test for verifying we do 3 retries when fetching attestations.
* Fix single quote not expanding vars
* Added constant backoff retry to getAttestations.
* Address @williammartin PR feedback
* wip: added test that fails in the absence of a backoff.
* add validation for local ext install
* feat: add ArchivedAt field to Repository struct
* Refactor `gh secret` testscript
* Wrap true in '' in repo-fork-sync
* Rename acceptance test directory from repos to repo
* Remove unnecessary flags from repo-delete testscript
* Replace LICENSE Makefile README.md acceptance api bin build cmd
context docs git go.mod go.sum internal pkg script share test utils
commands with
* Wrap boolean strings in '' so it is clear they are strings
* Remove unnecessary gh auth setup-git steps
* Cleanup some inconsistencies and improve collapse some functionality
* Add acceptance tests for repo deploy-key add/list/delete
* Add acceptance tests for repo-fork and repo-sync
* Add acceptance test for repo-set-default
* Add acceptance test for repo-edit
* Add acceptance tests for repo-list and repo-rename
* Acceptance testing for repo-archive and repo-unarchive
* Add acceptance test for repo-clone
* Added acceptance test for repo-delete
* Added test function for repos and repo-create test
* Implement acceptance tests for search commands
* Remove . from test case for TestTitleSurvey
* Clean up Title Survey empty title message code
* Add missing test to trigger acceptance tests
* Add acceptance tests for `gh variable`
* Minor polish / consistency
* Fix typo in custom command doc
* Refactor env2upper, env2lower; add docs
* Update secret note about potential failure
* Add testscripts for `gh secret`, helper cmds
* Remove stdout assertion from release
* Rename test files
* Add acceptance tests for `release` commands
* Implement basic API acceptance test
* Remove unnecessary mkdir from download Acceptance test
* Remove empty stdout checks
* Adjust sleeps to echos in Acceptance workflows
* Use regex assert for enable disable workflow Acceptance test
* Watch for run to end for cancel Acceptance test
* Include startedAt, completedAt in run steps data
* Rewrite a sentence in CONTRIBUTING.md
* Add filtered content output to docs
* sleep 10s before checking for workflow run
* Update run-rerun.txtar
* Create cache-list-delete.txtar
* Create run-view.txtar
* Create run-rerun.txtar
* Create run-download.txtar
* Create run-delete.txtar
* Remove IsTenancy and relevant tests from gists as they are unsupported
* Remove unnecessary code branches
* Add ghe.com to tests describing ghec data residency
* Remove comment
* auth: Removed redundant ghauth.IsTenancy(host) check
* Use go-gh/auth package for IsEnterprise, IsTenancy, and
NormalizeHostname
* Upgrade go-gh version to 2.11.0
* Add test coverage to places where IsEnterprise incorrectly covers
Tenancy
* Fix issue creation with metadata regex
* Create run-cancel.txtar
* Create workflow-run.txtar
* Create workflow-view.txtar
* implement workflow enable/disable acceptance test
* implement base workflow list acceptance test
* Add comment to acceptance make target
* Resolve PR feedback
* Acceptance test issue command
* Support GH_ACCEPTANCE_SCRIPT
* Ensure Acceptance defer failures are debuggable
* Add acceptance task to makefile
* build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to
1.4.6
* Ensure pr create with metadata has assignment
* Document sharedCmds func in acceptance tests
* Correct testscript description in Acceptance readme
* Add link to testscript pkg documentation
* Add VSCode extension links to Acceptance README
* Fix GH_HOST / GH_ACCEPTANCE_HOST misuse
* Acceptance test PR list
* Support skipping Acceptance test cleanup
* Acceptance test PR creation with metadata
* Suggest using legacy PAT for acceptance tests
* Add host recommendation to Acceptance test docs
* Don't append remaining text if more matches
* Highlight matches in table and content
* Split all newlines, and output no-color to non-TTY
* Print filtered gists similar to code search
* Show progress when filtering
* Simplify description
* Disallow use of --include-content without --filter
* Improve help docs
* Refactor filtering into existing `gist list`
* Improve performance
* Add `gist search` command
* Fix api tests after function signature changes
* Return nil instead of empty objects when err
* Fix license list and view tests
* Validate required env vars not-empty for Acceptance tests
* Add go to test instructions in Acceptance README
* Apply suggestions from code review
* Error if acceptance tests are targeting github or cli orgs
* Add codecoverage to Acceptance README
* Isolate acceptance env vars
* Add Writing Tests section to Acceptance README
* Add Debug and Authoring sections to Acceptance README
* Acceptance test PR comment
* Acceptance test PR merge and rebase
* Note syntax highlighting support for txtar files
* Refactor acceptance test environment handling
* Add initial acceptance test README
* Use txtar extension for testscripts
* Support targeting other hosts in acceptance tests
* Use stdout2env in PR acceptance tests
* Acceptance test PR checkout
* Add pr view test script
* Initial testscript introduction
* While we're at it, let's ensure VerifyCertExtensions can't be tricked
the same way.
* Add examples for creating `.gitignore` files
* Update help for license view
* Refactor http error handling
* implement `--web` flag for license view
* Fix license view help doc, add LICENSE.md example
* Update help and fix heredoc indentation
* Add SPDX ID to license list output
* Fix ExactArgs invocation
* Add `Long` for license list indicating limitations
* Update function names
* Reverse repo/shared package name change
* If provided with zero attestations to verify, the
LiveSigstoreVerifier.Verify func should return an error.
* Bump cli/oauth to 1.1.1
* Add test coverage for TitleSurvey change
* Fix failing test for pr and issue create
* Make the X in the error message red and print with io writer
* Handle errors from parsing hostname in auth flow
* Apply suggestions from code review
* Refactor tests and add new tests
* Move API calls to queries_repo.go
* Allow user to override markdown wrap width via $GH_MDWIDTH from
environment
* Add handling of empty titles for Issues and PRs
* Print the login URL even when opening a browser
* Apply suggestions from code review
* Update SECURITY.md
* Fix typo and wordsmithing
* fix typo
* Remove trailing space from heading
* Revise wording
* Update docs to allow community submitted designs
* Implement license view
* Implement gitignore view
* implement gitignore list
* Update license table headings and tests
* Fix ListLicenseTemplates doc
* fix output capitalization
* Cleanup rendering and tests
* Remove json output option
* Divide shared repo package and add queries tests
* First pass at implementing `gh repo license list`
* Emit a log message when extension installation falls back to a
darwin-amd64 binary on an Apple Silicon macOS machine

- Update to version 2.58.0:
* build(deps): bump github.com/theupdateframework/go-tuf/v2
* Include `dnf5` commands
* Add GPG key instructions to appropriate sections
* Update docs language to remove possible confusion around 'where you
log in'
* Change conditional in promptForHostname to better reflect prompter
changes
* Shorten language on Authenticate with a GitHub host.
* Update language on docstring for `gh auth login`
* Change prompts for `gh auth login` to reflect change from GHE to Other
* Sentence case 'Other' option in hostname prompt
* build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4
* Add documentation explaining how to use `hostname` for `gh auth login`
* Replace "GitHub Enterprise Server" with "other" in `gh auth login`
prompt
* fix tenant-awareness for trusted-root command
* Fix test
* Update pkg/cmd/extension/manager.go
* Update comment formatting
* Use new HasActiveToken method in trustedroot.go
* Add HasActiveToken method to AuthConfig interface
* Add HasActiveToken to AuthConfig.
* Improve error presentation
* Improve the suggested command for creating an issue when an extension
doesn't have a binary for your platform
* Update pkg/cmd/attestation/trustedroot/trustedroot_test.go
* build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5
* enforce auth for tenancy
* disable auth check for att trusted-root cmd
* better error for att verify custom issuer mismatch
* Enhance gh repo create docs, fix random cmd link

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-21=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

gh-2.65.0-bp156.2.17.1
gh-debuginfo-2.65.0-bp156.2.17.1

- openSUSE Backports SLE-15-SP6 (noarch):

gh-bash-completion-2.65.0-bp156.2.17.1
gh-fish-completion-2.65.0-bp156.2.17.1
gh-zsh-completion-2.65.0-bp156.2.17.1

References:

https://www.suse.com/security/cve/CVE-2024-52308.html
https://bugzilla.suse.com/1233387



openSUSE-SU-2025:14672-1: moderate: ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14672-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-actiontext-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14677-1: moderate: ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14677-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activestorage-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14679-1: moderate: ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14679-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-rails-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-rails-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14668-1: moderate: ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14668-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-actioncable-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14671-1: moderate: ruby3.4-rubygem-actionpack-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-actionpack-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14671-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actionpack-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-actionpack-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14667-1: moderate: nvidia-modprobe-565.77-1.1 on GA media


# nvidia-modprobe-565.77-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14667-1
Rating: moderate

Cross-References:

* CVE-2024-0131
* CVE-2024-0147

CVSS scores:

* CVE-2024-0131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-0147 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the nvidia-modprobe-565.77-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * nvidia-modprobe 565.77-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0131.html
* https://www.suse.com/security/cve/CVE-2024-0147.html



openSUSE-SU-2025:14666-1: moderate: helmfile-0.170.0-1.1 on GA media


# helmfile-0.170.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14666-1
Rating: moderate

Cross-References:

* CVE-2024-45338

CVSS scores:

* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helmfile-0.170.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * helmfile 0.170.0-1.1
  * helmfile-bash-completion 0.170.0-1.1
  * helmfile-fish-completion 0.170.0-1.1
  * helmfile-zsh-completion 0.170.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45338.html



openSUSE-SU-2025:14680-1: moderate: ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14680-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-railties-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-railties-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14676-1: moderate: ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14676-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activerecord-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14674-1: moderate: ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14674-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-activejob-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2025:14673-1: moderate: ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media


# ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14673-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-actionview-8.0 8.0.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html