* Security bugfixes
- Service-level multivalued options now override (rather than append
to) global defaults, preventing unintended configurations.
* Bugfixes
- Fixed a memory leak introduced in version 5.73.
- Fixed a startup crash when both global (default) and service-level
lists of values are configured for an option.
- Avoid attempting to fetch OCSP stapling for PSK-only configuration
sections.
- Fixed enabling/disabling of the default fips=yes property.
- Missing OCSP stapling is no longer logged as an error.
- Fixed a crash when a PIN was required due to the PKCS#11
CKA_ALWAYS_AUTHENTICATE attribute.
* Features
- Support for zstd and brotli compression with OpenSSL 3.2 and TLS 1.2
or older.
- Support for new "options" parameter values.
- Less bloated errors on an invalid configuration file.
- Documentation updated from Pod to Pandoc Markdown.
- Merged applicable patches Debian:
- Use SOURCE_DATE_EPOCH for reproducible builds.
- Skip the OpenSSL version check when AUTOPKGTEST_TMP is set.
- Log client IP addresses on TLS errors.
- Multiple cert sources are supported, allowing a certificate to be
fetched from a provider while loading the chain from a file.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2026-8b1d4173cePlease log in to add feedback.
This update has been submitted for testing by clang.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has been submitted for stable by bodhi.
There is an ongoing freeze; this will be pushed to stable after the freeze is over.
This update has been pushed to stable.