recipe-maintainers/lasuite-drive
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: upgrade to 0.9.0+v0.18.0 #1

Closed
autonomic-bot wants to merge 1 commits from upgrade-0.9.0+v0.18.0 into main
pull from: upgrade-0.9.0+v0.18.0
merge into: recipe-maintainers:main
Conversation 2 Commits 1 Files Changed 1 +3 -3
autonomic-bot commented 2026-06-05 02:51:07 +00:00
Owner
Copy Link

Upgrade lasuite-drive to 0.9.0+v0.18.0

Image tag changes

service image current new
redis redis 8.6.3 8.6.4
web nginx 1.30.0 1.31.1

redis 8.6.4 (patch — HIGH urgency bug fixes)

  • No breaking changes or migrations required
  • 16 critical bug fixes including: AArch64 startup fix, cluster crash prevention, XREADGROUP stream replication consistency, Sentinel config injection security patch, integer overflow in SCAN COUNT, TCP deadlock prevention

nginx 1.31.1 (minor — multiple security CVE fixes)

  • CVE-2026-9256: heap buffer overflow in ngx_http_rewrite_module (1.31.1)
  • CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934: various buffer overflow/overread fixes (1.31.0)
  • CVE-2026-40460: HTTP/3 connection migration address spoofing (1.31.0)
  • CVE-2026-40701: use-after-free in DNS with ssl_ocsp (1.31.0)

Operator Action Required

nginx 1.31.x breaking change: HTTP/2 and HTTP/3 requests with hop-by-hop headers (Connection, Proxy-Connection, Keep-Alive, Transfer-Encoding, Upgrade) are now rejected. This is correct HTTP/2 behavior per RFC 7540 §8.1.2.2 and affects only non-conformant clients. Standard browsers and well-behaved proxies are unaffected. No config changes needed for this recipe.

Recipe version bump

0.8.0+v0.18.0 → 0.9.0+v0.18.0 (minor bump due to nginx minor version with breaking change)

Tested green on the cc-ci recipe CI server (full suite, cold, against this PR head). NOT merged — for operator review.

cc @trav @notplants

## Upgrade lasuite-drive to 0.9.0+v0.18.0 ### Image tag changes | service | image | current | new | |---------|-------|---------|-----| | redis | redis | 8.6.3 | 8.6.4 | | web | nginx | 1.30.0 | 1.31.1 | ### redis 8.6.4 (patch — HIGH urgency bug fixes) - No breaking changes or migrations required - 16 critical bug fixes including: AArch64 startup fix, cluster crash prevention, XREADGROUP stream replication consistency, Sentinel config injection security patch, integer overflow in SCAN COUNT, TCP deadlock prevention ### nginx 1.31.1 (minor — multiple security CVE fixes) - CVE-2026-9256: heap buffer overflow in ngx_http_rewrite_module (1.31.1) - CVE-2026-42926, CVE-2026-42945, CVE-2026-42946, CVE-2026-42934: various buffer overflow/overread fixes (1.31.0) - CVE-2026-40460: HTTP/3 connection migration address spoofing (1.31.0) - CVE-2026-40701: use-after-free in DNS with ssl_ocsp (1.31.0) ### Operator Action Required **nginx 1.31.x breaking change:** HTTP/2 and HTTP/3 requests with hop-by-hop headers (Connection, Proxy-Connection, Keep-Alive, Transfer-Encoding, Upgrade) are now rejected. This is correct HTTP/2 behavior per RFC 7540 §8.1.2.2 and affects only non-conformant clients. Standard browsers and well-behaved proxies are unaffected. No config changes needed for this recipe. ### Recipe version bump 0.8.0+v0.18.0 → 0.9.0+v0.18.0 (minor bump due to nginx minor version with breaking change) Tested green on the cc-ci recipe CI server (full suite, cold, against this PR head). NOT merged — for operator review. cc @trav @notplants
autonomic-bot added 1 commit 2026-06-05 02:51:07 +00:00
chore: upgrade to 0.9.0+v0.18.0
All checks were successful
cc-ci/testme cc-ci: success
Details
ffa7d585af
autonomic-bot requested review from trav 2026-06-05 02:51:07 +00:00
autonomic-bot requested review from notplants 2026-06-05 02:51:07 +00:00
autonomic-bot commented 2026-06-05 02:51:11 +00:00
Author
Owner
Copy Link

!testme

!testme
autonomic-bot commented 2026-06-05 02:51:16 +00:00
Author
Owner
Copy Link

🌻 cc-cilasuite-drive @ ffa7d585 passed

cc-ci result card

level

full logs · dashboard

<!-- cc-ci:testme --> 🌻 **cc-ci** — `lasuite-drive` @ `ffa7d585` ✅ **passed** [![cc-ci result card](https://ci.commoninternet.net/runs/189/summary.png)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/189) [![level](https://ci.commoninternet.net/runs/189/badge.svg)](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/189) [full logs](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/189) · [dashboard](https://ci.commoninternet.net/)
trav closed this pull request 2026-06-09 16:16:41 +00:00
All checks were successful
cc-ci/testme cc-ci: success
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
trav
notplants
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
autonomic autonomic-bot notplants trav
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: recipe-maintainers/lasuite-drive#1
No description provided.
Delete Branch "upgrade-0.9.0+v0.18.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?