Overview Repositories Revisions Requests Users Attributes Meta
Security update for perl-HTTP-Tiny

This update for perl-HTTP-Tiny fixes the following issues:

perl-HTTP-Tiny was updated to 0.086:

see /usr/share/doc/packages/perl-HTTP-Tiny/Changes

0.086 2023-06-22 10:06:37-04:00 America/New_York

- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented.

0.084 2023-06-14 06:35:01-04:00 America/New_York

- No changes from 0.083-TRIAL.

0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)

[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`.
Fixes CVE-2023-31486 (boo#1211002)
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the
old default if required.

0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)

[FIXED]
- No longer deletes the 'headers' key from post_form arguments hashref.
[DOCS]
- Noted that request/response content are handled as raw bytes.

0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)

[FIXED]
- Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD
environment variable is set and CGI_HTTP_PROXY is not.

0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)

[ADDED]

- Added a `patch` helper method for the HTTP `PATCH` verb.
- If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY
replaces HTTP_PROXY.

[FIXED]

- Unsupported scheme errors early without giving an uninitialized value
warning first.
- Sends Content-Length: 0 on empty body PUT/POST. This is not in the spec,
but some servers require this.
- Allows optional status line reason, as clarified in RFC 7230.
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that
SSL reads can also send writes as a side effect.
- Check if a server has closed a connection before preserving it for reuse.

[DOCS]

- Clarified that exceptions/errors result in 599 status codes.

[PREREQS]

- Optional IO::Socket::IP prereq must be at least version 0.32 to be used.
This ensures correct timeout support.

0.076 2018-08-05 21:07:38-04:00 America/New_York

- No changes from 0.075-TRIAL.

0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)

[CHANGED] - The 'peer' option now also can take a code reference

0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)

[DOCS] - Documented 'protocol' field in response hash.

0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)

[DOCS] - Documented that method argument to request() is case-sensitive.

Fixed bugs
CVE-2023-31486
bnc#1211002
VUL-0: CVE-2023-31486: perl-HTTP-Tiny: Perl's HTTP:Tiny has insecure TLS cert default, affecting CPAN.pm and other modules
Selected Binaries
openSUSE Build Service is sponsored by
Places