From e2d13d23d3c5bbda1b1bd4d0713948bbe0721506 Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Thu, 19 Feb 2026 12:35:13 +0000 Subject: [PATCH 1/2] Patch influxdb for CVE-2025-58190, CVE-2025-47911, CVE-2025-30204 --- SPECS/influxdb/CVE-2025-30204.patch | 327 ++++++++++++++++++++++++++++ SPECS/influxdb/CVE-2025-47911.patch | 100 +++++++++ SPECS/influxdb/CVE-2025-58190.patch | 126 +++++++++++ SPECS/influxdb/influxdb.spec | 8 +- 4 files changed, 560 insertions(+), 1 deletion(-) create mode 100644 SPECS/influxdb/CVE-2025-30204.patch create mode 100644 SPECS/influxdb/CVE-2025-47911.patch create mode 100644 SPECS/influxdb/CVE-2025-58190.patch diff --git a/SPECS/influxdb/CVE-2025-30204.patch b/SPECS/influxdb/CVE-2025-30204.patch new file mode 100644 index 00000000000..9d72ba276b3 --- /dev/null +++ b/SPECS/influxdb/CVE-2025-30204.patch @@ -0,0 +1,327 @@ +From 99f704e842cfcb70095509348f4310109b6f30a9 Mon Sep 17 00:00:00 2001 +From: Michael Fridman +Date: Fri, 21 Mar 2025 16:42:51 -0400 +Subject: [PATCH] Backporting 0951d18 to v4 + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84.patch +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://raw.githubusercontent.com/microsoft/azurelinux/refs/heads/main/SPECS/influxdb/CVE-2025-30204.patch +--- + .../form3tech-oss/jwt-go/jwt_test.go | 89 +++++++++++++++++++ + .../github.com/form3tech-oss/jwt-go/parser.go | 36 +++++++- + vendor/github.com/golang-jwt/jwt/jwt_test.go | 89 +++++++++++++++++++ + vendor/github.com/golang-jwt/jwt/parser.go | 36 +++++++- + 4 files changed, 244 insertions(+), 6 deletions(-) + create mode 100644 vendor/github.com/form3tech-oss/jwt-go/jwt_test.go + create mode 100644 vendor/github.com/golang-jwt/jwt/jwt_test.go + +diff --git a/vendor/github.com/form3tech-oss/jwt-go/jwt_test.go b/vendor/github.com/form3tech-oss/jwt-go/jwt_test.go +new file mode 100644 +index 0000000..b01e899 +--- /dev/null ++++ b/vendor/github.com/form3tech-oss/jwt-go/jwt_test.go +@@ -0,0 +1,89 @@ ++package jwt ++ ++import ( ++ "testing" ++) ++ ++func TestSplitToken(t *testing.T) { ++ t.Parallel() ++ ++ tests := []struct { ++ name string ++ input string ++ expected []string ++ isValid bool ++ }{ ++ { ++ name: "valid token with three parts", ++ input: "header.claims.signature", ++ expected: []string{"header", "claims", "signature"}, ++ isValid: true, ++ }, ++ { ++ name: "invalid token with two parts only", ++ input: "header.claims", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with one part only", ++ input: "header", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with extra delimiter", ++ input: "header.claims.signature.extra", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid empty token", ++ input: "", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "valid token with empty parts", ++ input: "..signature", ++ expected: []string{"", "", "signature"}, ++ isValid: true, ++ }, ++ { ++ // We are just splitting the token into parts, so we don't care about the actual values. ++ // It is up to the caller to validate the parts. ++ name: "valid token with all parts empty", ++ input: "..", ++ expected: []string{"", "", ""}, ++ isValid: true, ++ }, ++ { ++ name: "invalid token with just delimiters and extra part", ++ input: "...", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with many delimiters", ++ input: "header.claims.signature..................", ++ expected: nil, ++ isValid: false, ++ }, ++ } ++ ++ for _, tt := range tests { ++ t.Run(tt.name, func(t *testing.T) { ++ parts, ok := splitToken(tt.input) ++ if ok != tt.isValid { ++ t.Errorf("expected %t, got %t", tt.isValid, ok) ++ } ++ if ok { ++ for i, part := range tt.expected { ++ if parts[i] != part { ++ t.Errorf("expected %s, got %s", part, parts[i]) ++ } ++ } ++ } ++ }) ++ } ++} +diff --git a/vendor/github.com/form3tech-oss/jwt-go/parser.go b/vendor/github.com/form3tech-oss/jwt-go/parser.go +index bfb480c..6e7c0e3 100644 +--- a/vendor/github.com/form3tech-oss/jwt-go/parser.go ++++ b/vendor/github.com/form3tech-oss/jwt-go/parser.go +@@ -7,6 +7,8 @@ import ( + "strings" + ) + ++const tokenDelimiter = "." ++ + type Parser struct { + ValidMethods []string // If populated, only these methods will be considered valid + UseJSONNumber bool // Use JSON Number format in JSON decoder +@@ -100,9 +102,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf + // been checked previously in the stack) and you want to extract values from + // it. + func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) { +- parts = strings.Split(tokenString, ".") +- if len(parts) != 3 { +- return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed) ++ var ok bool ++ parts, ok = splitToken(tokenString) ++ if !ok { ++ return nil, nil, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed) + } + + token = &Token{Raw: tokenString} +@@ -152,3 +155,30 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke + + return token, parts, nil + } ++ ++// splitToken splits a token string into three parts: header, claims, and signature. It will only ++// return true if the token contains exactly two delimiters and three parts. In all other cases, it ++// will return nil parts and false. ++func splitToken(token string) ([]string, bool) { ++ parts := make([]string, 3) ++ header, remain, ok := strings.Cut(token, tokenDelimiter) ++ if !ok { ++ return nil, false ++ } ++ parts[0] = header ++ claims, remain, ok := strings.Cut(remain, tokenDelimiter) ++ if !ok { ++ return nil, false ++ } ++ parts[1] = claims ++ // One more cut to ensure the signature is the last part of the token and there are no more ++ // delimiters. This avoids an issue where malicious input could contain additional delimiters ++ // causing unecessary overhead parsing tokens. ++ signature, _, unexpected := strings.Cut(remain, tokenDelimiter) ++ if unexpected { ++ return nil, false ++ } ++ parts[2] = signature ++ ++ return parts, true ++} +diff --git a/vendor/github.com/golang-jwt/jwt/jwt_test.go b/vendor/github.com/golang-jwt/jwt/jwt_test.go +new file mode 100644 +index 0000000..b01e899 +--- /dev/null ++++ b/vendor/github.com/golang-jwt/jwt/jwt_test.go +@@ -0,0 +1,89 @@ ++package jwt ++ ++import ( ++ "testing" ++) ++ ++func TestSplitToken(t *testing.T) { ++ t.Parallel() ++ ++ tests := []struct { ++ name string ++ input string ++ expected []string ++ isValid bool ++ }{ ++ { ++ name: "valid token with three parts", ++ input: "header.claims.signature", ++ expected: []string{"header", "claims", "signature"}, ++ isValid: true, ++ }, ++ { ++ name: "invalid token with two parts only", ++ input: "header.claims", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with one part only", ++ input: "header", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with extra delimiter", ++ input: "header.claims.signature.extra", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid empty token", ++ input: "", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "valid token with empty parts", ++ input: "..signature", ++ expected: []string{"", "", "signature"}, ++ isValid: true, ++ }, ++ { ++ // We are just splitting the token into parts, so we don't care about the actual values. ++ // It is up to the caller to validate the parts. ++ name: "valid token with all parts empty", ++ input: "..", ++ expected: []string{"", "", ""}, ++ isValid: true, ++ }, ++ { ++ name: "invalid token with just delimiters and extra part", ++ input: "...", ++ expected: nil, ++ isValid: false, ++ }, ++ { ++ name: "invalid token with many delimiters", ++ input: "header.claims.signature..................", ++ expected: nil, ++ isValid: false, ++ }, ++ } ++ ++ for _, tt := range tests { ++ t.Run(tt.name, func(t *testing.T) { ++ parts, ok := splitToken(tt.input) ++ if ok != tt.isValid { ++ t.Errorf("expected %t, got %t", tt.isValid, ok) ++ } ++ if ok { ++ for i, part := range tt.expected { ++ if parts[i] != part { ++ t.Errorf("expected %s, got %s", part, parts[i]) ++ } ++ } ++ } ++ }) ++ } ++} +diff --git a/vendor/github.com/golang-jwt/jwt/parser.go b/vendor/github.com/golang-jwt/jwt/parser.go +index bfb480c..6e7c0e3 100644 +--- a/vendor/github.com/golang-jwt/jwt/parser.go ++++ b/vendor/github.com/golang-jwt/jwt/parser.go +@@ -7,6 +7,8 @@ import ( + "strings" + ) + ++const tokenDelimiter = "." ++ + type Parser struct { + ValidMethods []string // If populated, only these methods will be considered valid + UseJSONNumber bool // Use JSON Number format in JSON decoder +@@ -100,9 +102,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf + // been checked previously in the stack) and you want to extract values from + // it. + func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) { +- parts = strings.Split(tokenString, ".") +- if len(parts) != 3 { +- return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed) ++ var ok bool ++ parts, ok = splitToken(tokenString) ++ if !ok { ++ return nil, nil, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed) + } + + token = &Token{Raw: tokenString} +@@ -152,3 +155,30 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke + + return token, parts, nil + } ++ ++// splitToken splits a token string into three parts: header, claims, and signature. It will only ++// return true if the token contains exactly two delimiters and three parts. In all other cases, it ++// will return nil parts and false. ++func splitToken(token string) ([]string, bool) { ++ parts := make([]string, 3) ++ header, remain, ok := strings.Cut(token, tokenDelimiter) ++ if !ok { ++ return nil, false ++ } ++ parts[0] = header ++ claims, remain, ok := strings.Cut(remain, tokenDelimiter) ++ if !ok { ++ return nil, false ++ } ++ parts[1] = claims ++ // One more cut to ensure the signature is the last part of the token and there are no more ++ // delimiters. This avoids an issue where malicious input could contain additional delimiters ++ // causing unecessary overhead parsing tokens. ++ signature, _, unexpected := strings.Cut(remain, tokenDelimiter) ++ if unexpected { ++ return nil, false ++ } ++ parts[2] = signature ++ ++ return parts, true ++} +-- +2.45.4 + diff --git a/SPECS/influxdb/CVE-2025-47911.patch b/SPECS/influxdb/CVE-2025-47911.patch new file mode 100644 index 00000000000..0a28f12cb58 --- /dev/null +++ b/SPECS/influxdb/CVE-2025-47911.patch @@ -0,0 +1,100 @@ +From b3bc47308629d526b86ea8bd40b4bc9ce9eaaf0c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 29 Sep 2025 16:33:18 -0700 +Subject: [PATCH] html: impose open element stack size limit + +The HTML specification contains a number of algorithms which are +quadratic in complexity by design. Instead of adding complicated +workarounds to prevent these cases from becoming extremely expensive in +pathological cases, we impose a limit of 512 to the size of the stack of +open elements. It is extremely unlikely that non-adversarial HTML +documents will ever hit this limit (but if we see cases of this, we may +want to make the limit configurable via a ParseOption). + +Thanks to Guido Vranken and Jakub Ciolek for both independently +reporting this issue. + +Fixes CVE-2025-47911 +Fixes golang/go#75682 + +Change-Id: I890517b189af4ffbf427d25d3fde7ad7ec3509ad +Reviewed-on: https://go-review.googlesource.com/c/net/+/709876 +Reviewed-by: Damien Neil +LUCI-TryBot-Result: Go LUCI +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/golang/net/commit/59706cdaa8f95502fdec64b67b4c61d6ca58727d.patch +--- + vendor/golang.org/x/net/html/escape.go | 2 +- + vendor/golang.org/x/net/html/parse.go | 21 +++++++++++++++++---- + 2 files changed, 18 insertions(+), 5 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go +index 04c6bec..12f2273 100644 +--- a/vendor/golang.org/x/net/html/escape.go ++++ b/vendor/golang.org/x/net/html/escape.go +@@ -299,7 +299,7 @@ func escape(w writer, s string) error { + case '\r': + esc = " " + default: +- panic("unrecognized escape character") ++ panic("html: unrecognized escape character") + } + s = s[i+1:] + if _, err := w.WriteString(esc); err != nil { +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 979ef17..4d12a1c 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -231,7 +231,14 @@ func (p *parser) addChild(n *Node) { + } + + if n.Type == ElementNode { +- p.oe = append(p.oe, n) ++ p.insertOpenElement(n) ++ } ++} ++ ++func (p *parser) insertOpenElement(n *Node) { ++ p.oe = append(p.oe, n) ++ if len(p.oe) > 512 { ++ panic("html: open stack of elements exceeds 512 nodes") + } + } + +@@ -810,7 +817,7 @@ func afterHeadIM(p *parser) bool { + p.im = inFramesetIM + return true + case a.Base, a.Basefont, a.Bgsound, a.Link, a.Meta, a.Noframes, a.Script, a.Style, a.Template, a.Title: +- p.oe = append(p.oe, p.head) ++ p.insertOpenElement(p.head) + defer p.oe.remove(p.head) + return inHeadIM(p) + case a.Head: +@@ -2320,9 +2327,13 @@ func (p *parser) parseCurrentToken() { + } + } + +-func (p *parser) parse() error { ++func (p *parser) parse() (err error) { ++ defer func() { ++ if panicErr := recover(); panicErr != nil { ++ err = fmt.Errorf("%s", panicErr) ++ } ++ }() + // Iterate until EOF. Any other error will cause an early return. +- var err error + for err != io.EOF { + // CDATA sections are allowed only in foreign content. + n := p.oe.top() +@@ -2351,6 +2362,8 @@ func (p *parser) parse() error { + // s. Conversely, explicit s in r's data can be silently dropped, + // with no corresponding node in the resulting tree. + // ++// Parse will reject HTML that is nested deeper than 512 elements. ++// + // The input is assumed to be UTF-8 encoded. + func Parse(r io.Reader) (*Node, error) { + return ParseWithOptions(r) +-- +2.45.4 + diff --git a/SPECS/influxdb/CVE-2025-58190.patch b/SPECS/influxdb/CVE-2025-58190.patch new file mode 100644 index 00000000000..82d64c0d57f --- /dev/null +++ b/SPECS/influxdb/CVE-2025-58190.patch @@ -0,0 +1,126 @@ +From c3502da0cf3712de443e4f1079a7437286011a4b Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 29 Sep 2025 19:38:24 -0700 +Subject: [PATCH] html: align in row insertion mode with spec + +Update inRowIM to match the HTML specification. This fixes an issue +where a specific HTML document could cause the parser to enter an +infinite loop when trying to parse a and implied next to +each other. + +Fixes CVE-2025-58190 +Fixes golang/go#70179 + +Change-Id: Idcb133c87c7d475cc8c7eb1f1550ea21d8bdddea +Reviewed-on: https://go-review.googlesource.com/c/net/+/709875 +LUCI-TryBot-Result: Go LUCI +Reviewed-by: Damien Neil +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009.patch +--- + vendor/golang.org/x/net/html/parse.go | 36 ++++++++++++++++++--------- + 1 file changed, 24 insertions(+), 12 deletions(-) + +diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go +index 5b8374b..979ef17 100644 +--- a/vendor/golang.org/x/net/html/parse.go ++++ b/vendor/golang.org/x/net/html/parse.go +@@ -136,7 +136,7 @@ func (p *parser) indexOfElementInScope(s scope, matchTags ...a.Atom) int { + return -1 + } + default: +- panic("unreachable") ++ panic(fmt.Sprintf("html: internal error: indexOfElementInScope unknown scope: %d", s)) + } + } + switch s { +@@ -179,7 +179,7 @@ func (p *parser) clearStackToContext(s scope) { + return + } + default: +- panic("unreachable") ++ panic(fmt.Sprintf("html: internal error: clearStackToContext unknown scope: %d", s)) + } + } + } +@@ -1674,7 +1674,7 @@ func inTableBodyIM(p *parser) bool { + return inTableIM(p) + } + +-// Section 12.2.6.4.14. ++// Section 13.2.6.4.14. + func inRowIM(p *parser) bool { + switch p.tok.Type { + case StartTagToken: +@@ -1686,7 +1686,9 @@ func inRowIM(p *parser) bool { + p.im = inCellIM + return true + case a.Caption, a.Col, a.Colgroup, a.Tbody, a.Tfoot, a.Thead, a.Tr: +- if p.popUntil(tableScope, a.Tr) { ++ if p.elementInScope(tableScope, a.Tr) { ++ p.clearStackToContext(tableRowScope) ++ p.oe.pop() + p.im = inTableBodyIM + return false + } +@@ -1696,22 +1698,28 @@ func inRowIM(p *parser) bool { + case EndTagToken: + switch p.tok.DataAtom { + case a.Tr: +- if p.popUntil(tableScope, a.Tr) { ++ if p.elementInScope(tableScope, a.Tr) { ++ p.clearStackToContext(tableRowScope) ++ p.oe.pop() + p.im = inTableBodyIM + return true + } + // Ignore the token. + return true + case a.Table: +- if p.popUntil(tableScope, a.Tr) { ++ if p.elementInScope(tableScope, a.Tr) { ++ p.clearStackToContext(tableRowScope) ++ p.oe.pop() + p.im = inTableBodyIM + return false + } + // Ignore the token. + return true + case a.Tbody, a.Tfoot, a.Thead: +- if p.elementInScope(tableScope, p.tok.DataAtom) { +- p.parseImpliedToken(EndTagToken, a.Tr, a.Tr.String()) ++ if p.elementInScope(tableScope, p.tok.DataAtom) && p.elementInScope(tableScope, a.Tr) { ++ p.clearStackToContext(tableRowScope) ++ p.oe.pop() ++ p.im = inTableBodyIM + return false + } + // Ignore the token. +@@ -2218,16 +2226,20 @@ func parseForeignContent(p *parser) bool { + p.acknowledgeSelfClosingTag() + } + case EndTagToken: ++ if strings.EqualFold(p.oe[len(p.oe)-1].Data, p.tok.Data) { ++ p.oe = p.oe[:len(p.oe)-1] ++ return true ++ } + for i := len(p.oe) - 1; i >= 0; i-- { +- if p.oe[i].Namespace == "" { +- return p.im(p) +- } + if strings.EqualFold(p.oe[i].Data, p.tok.Data) { + p.oe = p.oe[:i] ++ return true ++ } ++ if i > 0 && p.oe[i-1].Namespace == "" { + break + } + } +- return true ++ return p.im(p) + default: + // Ignore the token. + } +-- +2.45.4 + diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index be0ebccad50..1921f6ab798 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.7.5 -Release: 12%{?dist} +Release: 13%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -70,6 +70,9 @@ Patch11: CVE-2025-22872.patch Patch12: CVE-2025-65637.patch Patch13: CVE-2025-10543.patch Patch14: CVE-2025-11065.patch +Patch15: CVE-2025-30204.patch +Patch16: CVE-2025-47911.patch +Patch17: CVE-2025-58190.patch BuildRequires: clang BuildRequires: golang BuildRequires: kernel-headers @@ -159,6 +162,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Thu Feb 19 2026 Azure Linux Security Servicing Account - 2.7.5-13 +- Patch for CVE-2025-58190, CVE-2025-47911, CVE-2025-30204 + * Wed Feb 04 2026 Azure Linux Security Servicing Account - 2.7.5-12 - Patch for CVE-2025-11065 From 639a54dba8e3a8848da74eb89805ef53f587584e Mon Sep 17 00:00:00 2001 From: Kanishk Bansal Date: Thu, 19 Feb 2026 12:37:43 +0000 Subject: [PATCH 2/2] Fix changelog date Signed-off-by: Kanishk Bansal --- SPECS/influxdb/CVE-2025-30204.patch | 2 -- SPECS/influxdb/influxdb.spec | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/SPECS/influxdb/CVE-2025-30204.patch b/SPECS/influxdb/CVE-2025-30204.patch index 9d72ba276b3..16583dc6cd2 100644 --- a/SPECS/influxdb/CVE-2025-30204.patch +++ b/SPECS/influxdb/CVE-2025-30204.patch @@ -5,8 +5,6 @@ Subject: [PATCH] Backporting 0951d18 to v4 Signed-off-by: Azure Linux Security Servicing Account Upstream-reference: https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84.patch -Signed-off-by: Azure Linux Security Servicing Account -Upstream-reference: https://raw.githubusercontent.com/microsoft/azurelinux/refs/heads/main/SPECS/influxdb/CVE-2025-30204.patch --- .../form3tech-oss/jwt-go/jwt_test.go | 89 +++++++++++++++++++ .../github.com/form3tech-oss/jwt-go/parser.go | 36 +++++++- diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index 1921f6ab798..d9a89d6a381 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -201,7 +201,7 @@ go test ./... * Mon Feb 10 2025 CBL-Mariner Servicing Account - 2.7.5-1 - Auto-upgrade to 2.7.5 - Upgrade influxdb to fix CVE-2023-44487 -* Wed Jan 27 2025 Kavya Sree Kaitepalli - 2.7.3-9 +* Mon Jan 27 2025 Kavya Sree Kaitepalli - 2.7.3-9 - Fix CVE-2024-28180 * Tue Dec 31 2024 Rohit Rawat - 2.7.3-8