MediaMTX
v1.19.0 2 Juni 2026 om 23:49

v1.19.0

MediaMTX

Door: github-actions[bot]

2 Juni 2026 om 23:49

New major features

Media-over-QUIC

support reading and publishing with Media-over-QUIC (#5815) Media-over-QUIC is a streaming protocol built upon cutting edge protocols (QUIC, HTTP3) and browser APIs (WebTransport, WebCodecs). It's slightly faster than WebRTC, has an advanced data recovery mechanism, it supports additional codecs (FLAC) and is less complicated to route. Check the documentation for instructions and details.

RTMP

support reading and writing FLAC (#5778) (#5789)

HLS

support reading and publishing FLAC (#5778) (#5791)

Fixes and improvements

General

Add user agent field to RTMP, RTSP, WebRTC, and HLS (#5753)
add --check-version command line flag (#5786) this allows to check whether a new version is available without upgrading.
use file name suffix for OS-specific code wherever possible (#5787)
fix two hot reloading cases (#5817) * reload SRT server when metrics server is reloaded * reload API server when RTMPS server is reloaded

RTSP

client: trigger TCP timeout only if nothing is received (bluenviron/gortsplib#1002) (bluenviron/gortsplib#968) (bluenviron/gortsplib#1067) Previously, a data packet was required, now a keepalive response from the server is enough.
sdp: support non-standard 'meta' media type (bluenviron/gortsplib#1068)
forbid H264 packetization mode zero (bluenviron/gortsplib#1072) Packetization mode zero requires allowing inefficient and brittle fragmented UDP packets, which we are not.

RTMP

client: add FLAC fourCC (bluenviron/gortmplib#73)
do not exit in case of undocumented Flash control messages (#5512) (bluenviron/gortmplib#75)

HLS

remove redundant JavaScript argument (#5806)
muxer: fix race condition when generating playlist (bluenviron/gohlslib#359) (bluenviron/gohlslib#360) Max age of playlist depends on segments, so it needs to be covered by the segment mutex.
muxer: use coherent version in all playlists (#5781) (bluenviron/gohlslib#363)

WebRTC

make JavaScript internal variables private (#5804)
fix connectivity after network changes (#5097) (#5818)

RPI Camera

use timestamp of frame in text overlay (#2733) (bluenviron/mediamtx-rpicamera#103)

Dependencies

code.cloudfoundry.org/bytefmt updated from v0.72.0 to v0.74.0
github.com/abema/go-mp4 updated from v1.5.0 to v1.6.0
github.com/bluenviron/gohlslib/v2 updated from v2.3.2 to v2.4.0
github.com/bluenviron/gortmplib updated from v0.3.2 to v0.4.0
github.com/bluenviron/gortsplib/v5 updated from v5.5.3 to v5.5.4
github.com/bluenviron/mediacommon/v2 updated from v2.8.3 to v2.9.0
github.com/go-git/go-git/v5 updated from v5.19.0 to v5.19.1
github.com/matthewhartstonge/argon2 updated from v1.5.3 to v1.5.4
github.com/pion/ice/v4 updated from v4.2.5 to v4.2.7
github.com/pion/transport/v4 updated from v4.0.1 to v4.0.2
github.com/pion/webrtc/v4 updated from v4.2.12 to v4.2.14
golang.org/x/crypto updated from v0.51.0 to v0.52.0
golang.org/x/net updated from v0.54.0 to v0.55.0
golang.org/x/sys updated from v0.44.0 to v0.45.0
github.com/pion/dtls/v3 updated from v3.1.2 to v3.1.3
github.com/pion/sctp updated from v1.9.5 to v1.10.0
github.com/pion/srtp/v3 updated from v3.0.10 to v3.0.11
github.com/pion/stun/v3 updated from v3.1.2 to v3.1.4
github.com/pion/turn/v5 updated from v5.0.3 to v5.0.7
github.com/quic-go/webtransport-go v0.10.0 added
golang.org/x/sync v0.20.0 added
github.com/dunglas/httpsfv v1.1.0 added
github.com/bluenviron/mediamtx-rpicamera updated from v2.5.7 to v2.6.0

Security

Binaries are compiled from source code by the Release workflow, which is a fully-visible process that prevents any change or external interference in produced artifacts.

Checksums of binaries are also published in a public blockchain by using GitHub Attestations, and they can be verified by running:

ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx

You can verify checksums of binaries by downloading checksums.sha256 and running:

cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check

Google Chrome
Stable Channel Update for Desktop 5 Juni 2026 om 00:27

Stable Channel Update for Desktop

Google Chrome

5 Juni 2026 om 00:27

The Chrome team is delighted to announce the promotion of Chrome 149 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 149.0.7827.53 (Linux) 149.0.7827.53/54 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 149.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 429 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$97000][498904293] Critical CVE-2026-10881: Out of bounds read and write in ANGLE. Reported by Anonymous on 2026-04-02

[$43000][503420443] Critical CVE-2026-10882: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$5000][503768143] Critical CVE-2026-10883: Out of bounds write in ANGLE. Reported by Maher Azzouzi on 2026-04-17

[N/A][503617302] Critical CVE-2026-10884: Use after free in Chromecast. Reported by Google on 2026-04-17

[N/A][504072665] Critical CVE-2026-10885: Use after free in Chrome for iOS. Reported by Google on 2026-04-18

[TBD][505096898] Critical CVE-2026-10886: Use after free in FileSystem. Reported by Andrew Boni on 2026-04-21

[N/A][505204771] Critical CVE-2026-10887: Use after free in Chromoting. Reported by Google on 2026-04-22

[N/A][505815080] Critical CVE-2026-10888: Use after free in Cast Streaming. Reported by Google on 2026-04-23

[N/A][513003797] Critical CVE-2026-10889: Out of bounds read in ANGLE. Reported by Google on 2026-05-14

[N/A][513136593] Critical CVE-2026-10890: Use after free in Cast. Reported by Google on 2026-05-14

[N/A][513160681] Critical CVE-2026-10891: Use after free in GFX. Reported by Google on 2026-05-14

[N/A][513165325] Critical CVE-2026-10892: Out of bounds write in GPU. Reported by Google on 2026-05-14

[N/A][513231432] Critical CVE-2026-10893: Use after free in Chromoting. Reported by Google on 2026-05-14

[N/A][513445101] Critical CVE-2026-10894: Use after free in Printing. Reported by Google on 2026-05-15

[N/A][513454018] Critical CVE-2026-10895: Use after free in Ozone. Reported by Google on 2026-05-15

[N/A][513514692] Critical CVE-2026-10896: Use after free in Chrome for iOS. Reported by Google on 2026-05-15

[N/A][513543143] Critical CVE-2026-10897: Out of bounds write in GPU. Reported by Google on 2026-05-15

[N/A][513946753] Critical CVE-2026-10898: Stack buffer overflow in GPU. Reported by Google on 2026-05-17

[N/A][516653777] Critical CVE-2026-10899: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516878683] Critical CVE-2026-10900: Use after free in Passwords. Reported by Google on 2026-05-26

[N/A][516957738] Critical CVE-2026-10901: Use after free in Passwords. Reported by Google on 2026-05-27

[N/A][517046249] Critical CVE-2026-10902: Use after free in Ozone. Reported by Google on 2026-05-27

[$11000][503422316] High CVE-2026-10903: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$8000][506855825] High CVE-2026-10904: Inappropriate implementation in V8. Reported by 303f06e3 on 2026-04-27

[$5000][487357841] High CVE-2026-10905: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25

[$3000][503420438] High CVE-2026-10906: Use after free in WebAuthentication. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-17

[$2000][489071023] High CVE-2026-10907: Out of bounds write in ANGLE. Reported by sweetchip on 2026-03-02

[$2000][505045913] High CVE-2026-10908: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-21

[$1000][508092644] High CVE-2026-10909: Use after free in Dawn. Reported by whiter@xuanyusec on 2026-04-30

[$500][508811477] High CVE-2026-10910: Type Confusion in V8. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-05-02

[N/A][495819067] High CVE-2026-10911: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-24

[N/A][496614553] High CVE-2026-10912: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-26

[N/A][497450927] High CVE-2026-10913: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497574371] High CVE-2026-10914: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][497612174] High CVE-2026-10915: Use after free in Core. Reported by Google on 2026-03-30

[N/A][497643690] High CVE-2026-10916: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-30

[N/A][497929481] High CVE-2026-10917: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-30

[N/A][498259721] High CVE-2026-10918: Use after free in Viz. Reported by Google on 2026-03-31

[N/A][498872764] High CVE-2026-10919: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498977444] High CVE-2026-10920: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-04-02

[N/A][499159695] High CVE-2026-10921: Integer overflow in Dawn. Reported by Google on 2026-04-03

[N/A][499164652] High CVE-2026-10922: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-03

[N/A][499423683] High CVE-2026-10923: Use after free in WebAppInstalls. Reported by Google on 2026-04-04

[N/A][500055357] High CVE-2026-10924: Integer overflow in Chromecast. Reported by Google on 2026-04-06

[N/A][500071763] High CVE-2026-10925: Out of bounds write in Skia. Reported by Google on 2026-04-06

[N/A][500075522] High CVE-2026-10926: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][500090141] High CVE-2026-10927: Out of bounds read in Dawn. Reported by Google on 2026-04-06

[N/A][500124367] High CVE-2026-10928: Script injection in Headless. Reported by Google on 2026-04-06

[N/A][500429259] High CVE-2026-10929: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500472605] High CVE-2026-10930: Out of bounds read in ANGLE. Reported by Google on 2026-04-07

[TBD][501115599] High CVE-2026-10931: Use after free in FileSystem. Reported by asjidkalam on 2026-04-10

[N/A][501335606] High CVE-2026-10932: Use after free in UI. Reported by Google on 2026-04-10

[N/A][501557633] High CVE-2026-10933: Use after free in Audio. Reported by Google on 2026-04-11

[N/A][501594107] High CVE-2026-10934: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501898683] High CVE-2026-10935: Inappropriate implementation in V8. Reported by Google on 2026-04-12

[N/A][502439789] High CVE-2026-10936: Type Confusion in V8. Reported by Google on 2026-04-14

[N/A][502651056] High CVE-2026-10937: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502681591] High CVE-2026-10938: Insufficient validation of untrusted input in Input. Reported by Google on 2026-04-14

[N/A][503502607] High CVE-2026-10939: Use after free in WebRTC. Reported by Google on 2026-04-17

[N/A][503879873] High CVE-2026-10940: Race in Codecs. Reported by Google on 2026-04-17

[N/A][503958940] High CVE-2026-10941: Out of bounds memory access in Skia. Reported by Google on 2026-04-18

[N/A][504104263] High CVE-2026-10942: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-18

[TBD][504194151] High CVE-2026-10943: Use after free in WebRTC. Reported by Rayyan Kadar on 2026-04-20

[N/A][504215814] High CVE-2026-10944: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-19

[N/A][504417768] High CVE-2026-10945: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504587797] High CVE-2026-10946: Heap buffer overflow in Media. Reported by Google on 2026-04-20

[N/A][504597736] High CVE-2026-10947: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504599749] High CVE-2026-10948: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504644843] High CVE-2026-10949: Heap buffer overflow in Video. Reported by Google on 2026-04-20

[N/A][505123022] High CVE-2026-10950: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-21

[N/A][505191883] High CVE-2026-10951: Use after free in Autofill. Reported by Google on 2026-04-22

[N/A][505231370] High CVE-2026-10952: Use after free in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][506147564] High CVE-2026-10953: Use after free in Core. Reported by Google on 2026-04-24

[N/A][506150628] High CVE-2026-10954: Use after free in Actor. Reported by Google on 2026-04-24

[N/A][506374676] High CVE-2026-10955: Type Confusion in ANGLE. Reported by Google on 2026-04-25

[N/A][506375731] High CVE-2026-10956: Use after free in MimeHandlerView. Reported by Google on 2026-04-25

[N/A][506377279] High CVE-2026-10957: Use after free in Glic. Reported by Google on 2026-04-25

[N/A][507251069] High CVE-2026-10958: Use after free in Chrome for iOS. Reported by Google on 2026-04-28

[N/A][507258648] High CVE-2026-10959: Use after free in Input. Reported by Google on 2026-04-28

[N/A][507258786] High CVE-2026-10960: Uninitialized Use in Codecs. Reported by Google on 2026-04-28

[N/A][508281950] High CVE-2026-10961: Use after free in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][511006880] High CVE-2026-10962: Type Confusion in Media. Reported by Google on 2026-05-08

[N/A][511218177] High CVE-2026-10963: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511228272] High CVE-2026-10964: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511290038] High CVE-2026-10965: Integer overflow in DevTools. Reported by Google on 2026-05-08

[N/A][511713779] High CVE-2026-10966: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-10

[N/A][511714900] High CVE-2026-10967: Use after free in SurfaceCapture. Reported by Google on 2026-05-10

[N/A][511758373] High CVE-2026-10968: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-10

[N/A][511765713] High CVE-2026-10969: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-10

[N/A][512772489] High CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups. Reported by Google on 2026-05-13

[N/A][513005991] High CVE-2026-10971: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-14

[N/A][513006660] High CVE-2026-10972: Use after free in Ozone. Reported by Google on 2026-05-14

[N/A][513042859] High CVE-2026-10973: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513135862] High CVE-2026-10974: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-14

[N/A][513154132] High CVE-2026-10975: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513249847] High CVE-2026-10976: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513340227] High CVE-2026-10977: Uninitialized Use in Skia. Reported by Google on 2026-05-14

[N/A][513394258] High CVE-2026-10978: Use after free in Chromoting. Reported by Google on 2026-05-15

[N/A][513468021] High CVE-2026-10979: Out of bounds read in ANGLE. Reported by Google on 2026-05-15

[N/A][513713927] High CVE-2026-10980: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16

[N/A][513762354] High CVE-2026-10981: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-16

[N/A][513774197] High CVE-2026-10982: Use after free in WebXR. Reported by Google on 2026-05-16

[N/A][513947609] High CVE-2026-10983: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-17

[N/A][514022635] High CVE-2026-10984: Inappropriate implementation in Accessibility. Reported by Google on 2026-05-17

[N/A][514082801] High CVE-2026-10985: Out of bounds read in Skia. Reported by Google on 2026-05-17

[N/A][514744613] High CVE-2026-10986: Integer overflow in Media. Reported by Google on 2026-05-19

[N/A][515431687] High CVE-2026-10987: Integer overflow in V8. Reported by Google on 2026-05-21

[N/A][515465685] High CVE-2026-10988: Use after free in Views. Reported by Google on 2026-05-21

[N/A][516311623] High CVE-2026-10989: Inappropriate implementation in V8. Reported by Google on 2026-05-25

[$4000][506311914] Medium CVE-2026-10990: Use after free in Glic. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-25

[$3000][503553614] Medium CVE-2026-10991: Use after free in V8. Reported by Alisa Esage (@alisaesage) on 2026-04-17

[$2000][493534964] Medium CVE-2026-10992: Insufficient data validation in Animation. Reported by heapracer (@heapracer) on 2026-03-17

[$2000][504160794] Medium CVE-2026-10993: Heap buffer overflow in Skia. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-04-19

[$2000][504820809] Medium CVE-2026-10994: Uninitialized Use in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[$2000][505371980] Medium CVE-2026-10995: Heap buffer overflow in TabStrip. Reported by Sven Dysthe (@svn-dys) on 2026-04-22

[TBD][40051700] Medium CVE-2026-10996: Inappropriate implementation in Workers. Reported by Jayateertha Guruprasad on 2024-12-23

[TBD][464217867] Medium CVE-2026-10997: Insufficient policy enforcement in Extensions. Reported by djallalakira@gmail.com on 2025-11-28

[TBD][486536242] Medium CVE-2026-10998: Out of bounds read in Media. Reported by Ameen Basha M K on 2026-02-22

[TBD][489369089] Medium CVE-2026-10999: Out of bounds memory access in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[TBD][492374380] Medium CVE-2026-11000: Use after free in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13

[N/A][493691489] Medium CVE-2026-11001: Incorrect security UI in Payments. Reported by Google on 2026-03-18

[TBD][494740162] Medium CVE-2026-11002: Use after free in Autofill. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21

[TBD][494823867] Medium CVE-2026-11003: Use after free in WebRTC. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-03-21

[TBD][494823889] Medium CVE-2026-11004: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[TBD][495052581] Medium CVE-2026-11005: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[N/A][495489174] Medium CVE-2026-11006: Out of bounds read in Dawn. Reported by Google on 2026-03-23

[N/A][495834228] Medium CVE-2026-11007: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-03-24

[N/A][495864099] Medium CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-24

[N/A][496233132] Medium CVE-2026-11009: Use after free in USB. Reported by Google on 2026-03-25

[TBD][496266444] Medium CVE-2026-11010: Use after free in WebShare. Reported by David Sievers on 2026-03-26

[N/A][496702621] Medium CVE-2026-11011: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-03-26

[N/A][497000161] Medium CVE-2026-11012: Use after free in Serial. Reported by Google on 2026-03-27

[N/A][497056412] Medium CVE-2026-11013: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497058611] Medium CVE-2026-11014: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-28

[TBD][497183443] Medium CVE-2026-11015: Out of bounds read in WebGPU. Reported by Yuma Takeuchi on 2026-03-29

[N/A][497278395] Medium CVE-2026-11016: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497336872] Medium CVE-2026-11017: Inappropriate implementation in Link Preview. Reported by Google on 2026-03-29

[N/A][497342466] Medium CVE-2026-11018: Insufficient policy enforcement in Actor. Reported by Google on 2026-03-29

[N/A][497344640] Medium CVE-2026-11019: Inappropriate implementation in Payments. Reported by Google on 2026-03-29

[N/A][497440270] Medium CVE-2026-11020: Inappropriate implementation in Extensions. Reported by Google on 2026-03-29

[N/A][497487755] Medium CVE-2026-11021: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-29

[N/A][497532918] Medium CVE-2026-11022: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-29

[N/A][497538899] Medium CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-29

[N/A][497591594] Medium CVE-2026-11024: Stack buffer overflow in Skia. Reported by Google on 2026-03-30

[N/A][497595264] Medium CVE-2026-11025: Insufficient policy enforcement in Navigation. Reported by Google on 2026-03-30

[N/A][497599683] Medium CVE-2026-11026: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-30

[N/A][497604407] Medium CVE-2026-11027: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-03-30

[N/A][497627277] Medium CVE-2026-11028: Use after free in Media. Reported by Google on 2026-03-30

[N/A][497651688] Medium CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop. Reported by Google on 2026-03-30

[N/A][497722502] Medium CVE-2026-11030: Use after free in Network. Reported by Google on 2026-03-30

[N/A][497748760] Medium CVE-2026-11031: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-30

[N/A][497831111] Medium CVE-2026-11032: Insufficient data validation in Password Manager. Reported by Google on 2026-03-30

[N/A][497926664] Medium CVE-2026-11033: Uninitialized Use in WebML. Reported by Google on 2026-03-30

[N/A][497934980] Medium CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync. Reported by Google on 2026-03-30

[N/A][497936421] Medium CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs. Reported by Google on 2026-03-30

[N/A][497964917] Medium CVE-2026-11036: Inappropriate implementation in DOM. Reported by Google on 2026-03-30

[N/A][497971287] Medium CVE-2026-11037: Out of bounds write in Codecs. Reported by Google on 2026-03-31

[N/A][498080391] Medium CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity. Reported by Google on 2026-03-31

[N/A][498204112] Medium CVE-2026-11039: Uninitialized Use in Skia. Reported by Google on 2026-03-31

[N/A][498371085] Medium CVE-2026-11040: Use after free in ANGLE. Reported by Google on 2026-04-01

[N/A][498700369] Medium CVE-2026-11041: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498720094] Medium CVE-2026-11042: Use after free in Views. Reported by Google on 2026-04-01

[N/A][498721316] Medium CVE-2026-11043: Out of bounds write in ANGLE. Reported by Google on 2026-04-01

[N/A][498724803] Medium CVE-2026-11044: Integer overflow in ANGLE. Reported by Google on 2026-04-01

[N/A][498727111] Medium CVE-2026-11045: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01

[N/A][498728857] Medium CVE-2026-11046: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498768132] Medium CVE-2026-11047: Insufficient validation of untrusted input in Base. Reported by Google on 2026-04-02

[N/A][498808432] Medium CVE-2026-11048: Inappropriate implementation in Extensions. Reported by Google on 2026-04-02

[N/A][498815068] Medium CVE-2026-11049: Use after free in Password Manager. Reported by Google on 2026-04-02

[N/A][498818402] Medium CVE-2026-11050: Use after free in V8. Reported by Google on 2026-04-02

[TBD][498828605] Medium CVE-2026-11051: Out of bounds read in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-02

[N/A][498834967] Medium CVE-2026-11052: Type Confusion in GPU. Reported by Google on 2026-04-02

[N/A][498841456] Medium CVE-2026-11053: VULNERABILITY in WebRTC. Reported by Google on 2026-04-02

[N/A][498845284] Medium CVE-2026-11054: Use after free in WebRTC. Reported by Google on 2026-04-02

[N/A][498881735] Medium CVE-2026-11055: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498887785] Medium CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-04-02

[N/A][498951946] Medium CVE-2026-11057: Uninitialized Use in Skia. Reported by Google on 2026-04-02

[N/A][498986406] Medium CVE-2026-11058: Integer overflow in CredentialProvider. Reported by Google on 2026-04-02

[N/A][498991983] Medium CVE-2026-11059: Use after free in Blink. Reported by Google on 2026-04-02

[N/A][499018355] Medium CVE-2026-11060: Use after free in Media. Reported by Google on 2026-04-02

[N/A][499031961] Medium CVE-2026-11061: Out of bounds read in ANGLE. Reported by Google on 2026-04-02

[N/A][499033012] Medium CVE-2026-11062: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02

[N/A][499051067] Medium CVE-2026-11063: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-04-02

[N/A][499075743] Medium CVE-2026-11064: Uninitialized Use in GPU. Reported by Google on 2026-04-02

[N/A][499093536] Medium CVE-2026-11065: Use after free in ANGLE. Reported by Google on 2026-04-03

[N/A][499124128] Medium CVE-2026-11066: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-03

[N/A][499140183] Medium CVE-2026-11067: Uninitialized Use in Dawn. Reported by Google on 2026-04-03

[N/A][499194333] Medium CVE-2026-11068: Use after free in WebSockets. Reported by Google on 2026-04-03

[N/A][499213367] Medium CVE-2026-11069: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499225384] Medium CVE-2026-11070: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-03

[N/A][499227659] Medium CVE-2026-11071: Use after free in Base. Reported by Google on 2026-04-03

[N/A][499238195] Medium CVE-2026-11072: Use after free in WebView. Reported by Google on 2026-04-03

[N/A][499365904] Medium CVE-2026-11073: Use after free in WebGL. Reported by Google on 2026-04-03

[TBD][499587071] Medium CVE-2026-11074: Use after free in WebRTC. Reported by boboliverfrancishoward@gmail.com on 2026-04-05

[TBD][499659070] Medium CVE-2026-11075: Out of bounds read in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-06

[N/A][499784386] Medium CVE-2026-11076: Type Confusion in CSS. Reported by Google on 2026-04-05

[TBD][499908918] Medium CVE-2026-11077: Out of bounds read in Dawn. Reported by Anonymous on 2026-04-06

[TBD][499917177] Medium CVE-2026-11078: Insufficient validation of untrusted input in FileSystem. Reported by Eran Rom of Palo Alto Networks on 2026-04-06

[N/A][500028989] Medium CVE-2026-11079: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-06

[N/A][500032538] Medium CVE-2026-11080: Use after free in WebView. Reported by Google on 2026-04-06

[N/A][500076131] Medium CVE-2026-11081: Policy bypass in Canvas. Reported by Google on 2026-04-06

[N/A][500079715] Medium CVE-2026-11082: Use after free in GPU. Reported by Google on 2026-04-06

[N/A][500095743] Medium CVE-2026-11083: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500124500] Medium CVE-2026-11084: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500132379] Medium CVE-2026-11085: Integer overflow in GPU. Reported by Google on 2026-04-06

[N/A][500140111] Medium CVE-2026-11086: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-04-07

[N/A][500140149] Medium CVE-2026-11087: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500144879] Medium CVE-2026-11088: Integer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500154880] Medium CVE-2026-11089: Uninitialized Use in Media. Reported by Google on 2026-04-07

[N/A][500161302] Medium CVE-2026-11090: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500162791] Medium CVE-2026-11091: Inappropriate implementation in Dawn. Reported by Google on 2026-04-07

[N/A][500170887] Medium CVE-2026-11092: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-07

[N/A][500172365] Medium CVE-2026-11093: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-04-07

[N/A][500174874] Medium CVE-2026-11094: Use after free in Codecs. Reported by Google on 2026-04-07

[N/A][500293394] Medium CVE-2026-11095: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-07

[N/A][500296311] Medium CVE-2026-11096: Out of bounds read in WebRTC. Reported by Google on 2026-04-07

[N/A][500311718] Medium CVE-2026-11097: Inappropriate implementation in WebView. Reported by Google on 2026-04-07

[N/A][500315455] Medium CVE-2026-11098: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-07

[N/A][500414865] Medium CVE-2026-11099: Vulnerability in Skia. Reported by Google on 2026-04-07

[N/A][500416901] Medium CVE-2026-11100: Use after free in File Input. Reported by Google on 2026-04-07

[N/A][500443031] Medium CVE-2026-11101: Uninitialized Use in Dawn. Reported by Google on 2026-04-07

[N/A][500468338] Medium CVE-2026-11102: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-04-07

[N/A][500483038] Medium CVE-2026-11103: Inappropriate implementation in Installer. Reported by Google on 2026-04-07

[N/A][500501226] Medium CVE-2026-11104: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500505339] Medium CVE-2026-11105: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-08

[N/A][500508725] Medium CVE-2026-11106: Inappropriate implementation in Media. Reported by Google on 2026-04-08

[N/A][500510384] Medium CVE-2026-11107: Inappropriate implementation in Downloads. Reported by Google on 2026-04-08

[N/A][500517053] Medium CVE-2026-11108: Inappropriate implementation in NFC. Reported by Google on 2026-04-08

[N/A][500524833] Medium CVE-2026-11109: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500528864] Medium CVE-2026-11110: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500530720] Medium CVE-2026-11111: Out of bounds read in ANGLE. Reported by Google on 2026-04-08

[N/A][500541413] Medium CVE-2026-11112: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-08

[N/A][500560764] Medium CVE-2026-11113: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-08

[N/A][501360342] Medium CVE-2026-11114: Use after free in Device Trust. Reported by Google on 2026-04-10

[N/A][501370283] Medium CVE-2026-11115: Use after free in Updater. Reported by Google on 2026-04-10

[N/A][501376612] Medium CVE-2026-11116: Use after free in Chromoting. Reported by Google on 2026-04-10

[N/A][501403820] Medium CVE-2026-11117: Use after free in Views. Reported by Google on 2026-04-10

[N/A][501424047] Medium CVE-2026-11118: Use after free in WebRTC. Reported by Google on 2026-04-10

[N/A][501461853] Medium CVE-2026-11119: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-10

[N/A][501467566] Medium CVE-2026-11120: Insufficient validation of untrusted input in Enterprise Reporting. Reported by Google on 2026-04-10

[N/A][501483855] Medium CVE-2026-11121: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-04-10

[N/A][501485453] Medium CVE-2026-11122: Inappropriate implementation in Keyboard. Reported by Google on 2026-04-10

[N/A][501505198] Medium CVE-2026-11123: Uninitialized Use in ANGLE. Reported by Google on 2026-04-10

[N/A][501511299] Medium CVE-2026-11124: Heap buffer overflow in Skia. Reported by Google on 2026-04-10

[N/A][501517520] Medium CVE-2026-11125: Use after free in Compositing. Reported by Google on 2026-04-10

[N/A][501528031] Medium CVE-2026-11126: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-10

[N/A][501535295] Medium CVE-2026-11127: Inappropriate implementation in WebAPKs. Reported by Google on 2026-04-10

[N/A][501541341] Medium CVE-2026-11128: Insufficient validation of untrusted input in Web Share. Reported by Google on 2026-04-10

[N/A][501541962] Medium CVE-2026-11129: Inappropriate implementation in Extensions. Reported by Google on 2026-04-10

[N/A][501546443] Medium CVE-2026-11130: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501561644] Medium CVE-2026-11131: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501597365] Medium CVE-2026-11132: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501606085] Medium CVE-2026-11133: Insufficient policy enforcement in Paint. Reported by Google on 2026-04-11

[N/A][501640084] Medium CVE-2026-11134: Insufficient data validation in Media. Reported by Google on 2026-04-11

[N/A][501644835] Medium CVE-2026-11135: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-11

[TBD][501646327] Medium CVE-2026-11136: Use after free in Canvas. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-11

[N/A][501647943] Medium CVE-2026-11137: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650354] Medium CVE-2026-11138: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650594] Medium CVE-2026-11139: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501659253] Medium CVE-2026-11140: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-11

[N/A][501667839] Medium CVE-2026-11141: Uninitialized Use in Audio. Reported by Google on 2026-04-11

[N/A][501668745] Medium CVE-2026-11142: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501674219] Medium CVE-2026-11143: Heap buffer overflow in Extensions. Reported by Google on 2026-04-11

[N/A][501676175] Medium CVE-2026-11144: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501683745] Medium CVE-2026-11145: Race in Geolocation. Reported by Google on 2026-04-11

[N/A][501709220] Medium CVE-2026-11146: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-11

[N/A][501731689] Medium CVE-2026-11147: Use after free in WebML. Reported by Google on 2026-04-11

[N/A][501738451] Medium CVE-2026-11148: Inappropriate implementation in Payments. Reported by Google on 2026-04-11

[N/A][501739206] Medium CVE-2026-11149: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11

[N/A][501740299] Medium CVE-2026-11150: Inappropriate implementation in XML. Reported by Google on 2026-04-11

[N/A][501740323] Medium CVE-2026-11151: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-11

[N/A][501762953] Medium CVE-2026-11152: Object lifecycle issue in Dawn. Reported by Google on 2026-04-11

[N/A][501779840] Medium CVE-2026-11153: Side-channel information leakage in Forms. Reported by Google on 2026-04-12

[N/A][501789156] Medium CVE-2026-11154: Use after free in Dawn. Reported by Google on 2026-04-12

[N/A][501801823] Medium CVE-2026-11155: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-12

[N/A][501810226] Medium CVE-2026-11156: Inappropriate implementation in CSS. Reported by Google on 2026-04-12

[N/A][501823385] Medium CVE-2026-11157: Script injection in Accessibility. Reported by Google on 2026-04-12

[N/A][501844153] Medium CVE-2026-11158: Insufficient validation of untrusted input in Downloads. Reported by Google on 2026-04-12

[N/A][501861921] Medium CVE-2026-11159: Uninitialized Use in Skia. Reported by Google on 2026-04-12

[N/A][501862016] Medium CVE-2026-11160: Out of bounds read in Input. Reported by Google on 2026-04-12

[N/A][501920294] Medium CVE-2026-11161: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-12

[N/A][502035074] Medium CVE-2026-11162: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-13

[N/A][502072755] Medium CVE-2026-11163: Use after free in Messages. Reported by Google on 2026-04-13

[N/A][502089411] Medium CVE-2026-11164: Use after free in Blink. Reported by Google on 2026-04-13

[N/A][502099949] Medium CVE-2026-11165: Use after free in WebMIDI. Reported by Google on 2026-04-13

[N/A][502118936] Medium CVE-2026-11166: Inappropriate implementation in SVG. Reported by Google on 2026-04-13

[N/A][502228856] Medium CVE-2026-11167: Inappropriate implementation in WebView. Reported by Google on 2026-04-13

[N/A][502256049] Medium CVE-2026-11168: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-13

[N/A][502285273] Medium CVE-2026-11169: Inappropriate implementation in XML. Reported by Google on 2026-04-13

[N/A][502322596] Medium CVE-2026-11170: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-13

[N/A][502322843] Medium CVE-2026-11171: Integer overflow in Blink. Reported by Google on 2026-04-13

[TBD][502328201] Medium CVE-2026-11172: Incorrect security UI in Contact Picker. Reported by mochazril.ti@gmail.com on 2026-04-14

[N/A][502337304] Medium CVE-2026-11173: Out of bounds write in V8. Reported by Google on 2026-04-14

[N/A][502348223] Medium CVE-2026-11174: Insufficient policy enforcement in Site Isolation. Reported by Google on 2026-04-14

[N/A][502368088] Medium CVE-2026-11175: Incorrect security UI in Messages. Reported by Google on 2026-04-14

[N/A][502371717] Medium CVE-2026-11176: Inappropriate implementation in Media. Reported by Google on 2026-04-14

[TBD][502449864] Medium CVE-2026-11177: Use after free in Omnibox. Reported by gevakun on 2026-04-14

[N/A][502501810] Medium CVE-2026-11178: Policy bypass in WebView. Reported by Google on 2026-04-14

[N/A][502615170] Medium CVE-2026-11179: Inappropriate implementation in ORB. Reported by Google on 2026-04-14

[N/A][502631225] Medium CVE-2026-11180: Policy bypass in SVG. Reported by Google on 2026-04-14

[N/A][502633299] Medium CVE-2026-11181: Inappropriate implementation in Media Session. Reported by Google on 2026-04-14

[N/A][502651014] Medium CVE-2026-11182: Inappropriate implementation in SVG. Reported by Google on 2026-04-14

[N/A][502768780] Medium CVE-2026-11183: Out of bounds read in GWP-ASan. Reported by Google on 2026-04-15

[N/A][502777516] Medium CVE-2026-11184: Insufficient policy enforcement in Actor. Reported by Google on 2026-04-15

[N/A][502784366] Medium CVE-2026-11185: Use after free in V8. Reported by Google on 2026-04-15

[N/A][502805170] Medium CVE-2026-11186: Inappropriate implementation in CSS. Reported by Google on 2026-04-15

[N/A][502819675] Medium CVE-2026-11187: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-15

[N/A][502959826] Medium CVE-2026-11188: Use after free in USB. Reported by Google on 2026-04-15

[TBD][503197481] Medium CVE-2026-11189: Insufficient validation of untrusted input in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-04-16

[N/A][503375371] Medium CVE-2026-11190: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-16

[N/A][503392431] Medium CVE-2026-11191: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-16

[N/A][503490678] Medium CVE-2026-11192: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-17

[N/A][503642586] Medium CVE-2026-11193: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-04-17

[N/A][503719488] Medium CVE-2026-11194: Inappropriate implementation in Network. Reported by Google on 2026-04-17

[N/A][503865896] Medium CVE-2026-11195: Inappropriate implementation in MHTML. Reported by Google on 2026-04-17

[N/A][503879106] Medium CVE-2026-11196: Type Confusion in XML. Reported by Google on 2026-04-17

[TBD][504073872] Medium CVE-2026-11197: Insufficient policy enforcement in Workers. Reported by VEZEKA on 2026-04-19

[N/A][504395300] Medium CVE-2026-11198: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-20

[N/A][504572664] Medium CVE-2026-11199: Insufficient validation of untrusted input in WebRTC. Reported by Google on 2026-04-20

[N/A][504579798] Medium CVE-2026-11200: Inappropriate implementation in WebRTC. Reported by Google on 2026-04-20

[TBD][505068950] Medium CVE-2026-11201: Use after free in ServiceWorker. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-22

[N/A][505144022] Medium CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][505192638] Medium CVE-2026-11203: Policy bypass in GPU. Reported by Google on 2026-04-22

[N/A][505200733] Medium CVE-2026-11204: Inappropriate implementation in Signin. Reported by Google on 2026-04-22

[N/A][505290253] Medium CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[TBD][505427216] Medium CVE-2026-11206: Policy bypass in ServiceWorker. Reported by David Bors, Catalin Iovita on 2026-04-23

[N/A][506127858] Medium CVE-2026-11207: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-04-24

[N/A][506387278] Medium CVE-2026-11208: Use after free in Codecs. Reported by Google on 2026-04-25

[N/A][506391032] Medium CVE-2026-11209: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-25

[N/A][506473226] Medium CVE-2026-11210: Insufficient policy enforcement in Safe Browsing. Reported by Google on 2026-04-25

[N/A][506629455] Medium CVE-2026-11211: Integer overflow in V8. Reported by Google on 2026-04-26

[N/A][507216833] Medium CVE-2026-11212: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-28

[N/A][507382702] Medium CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode. Reported by Google on 2026-04-28

[N/A][508257850] Medium CVE-2026-11214: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][513446116] Medium CVE-2026-11215: Inappropriate implementation in Cronet. Reported by Google on 2026-05-15

[$3000][474583539] Low CVE-2026-11216: Incorrect security UI in File Input. Reported by Azza Tegar Naufal Ataullah on 2026-01-10

[$3000][487564032] Low CVE-2026-11217: Insufficient policy enforcement in Fenced Frames. Reported by Tianyi Hu on 2026-02-25

[$2000][476862276] Low CVE-2026-11218: Inappropriate implementation in PlatformIntegration. Reported by Han Liu (Xi’an Jiaotong University, School of Cyber Science and Engineering)
on 2026-01-19

[$2000][480074849] Low CVE-2026-11219: Insufficient data validation in Navigation. Reported by Bharat (mrnoob) on 2026-01-30

[$2000][487300831] Low CVE-2026-11220: Insufficient validation of untrusted input in Navigation. Reported by Tianyi Hu on 2026-02-24

[$1500][492211919] Low CVE-2026-11221: Insufficient validation of untrusted input in PointerLock. Reported by mihalis.haatainen@bountyy.fi on 2026-03-12

[$1000][458442542] Low CVE-2026-11222: Incorrect security UI in Tab Strip. Reported by Hafiizh on 2025-11-07

[$1000][494800494] Low CVE-2026-11223: Insufficient validation of untrusted input in Network. Reported by Tianyi Hu on 2026-03-21

[$500][502461760] Low CVE-2026-11224: Use after free in Chromoting. Reported by David Bors, Catalin Iovita on 2026-04-14

[$500][503346647] Low CVE-2026-11225: Incorrect security UI in WebUI. Reported by Tareq Ahamed - itztrq on 2026-04-16

[N/A][385662278] Low CVE-2026-11226: Insufficient policy enforcement in PreviewTab. Reported by Google on 2020-03-05

[TBD][448421954] Low CVE-2026-11227: Incorrect security UI in Tab Hover Cards. Reported by Hafiizh on 2025-10-01

[TBD][454484864] Low CVE-2026-11228: Incorrect security UI in File Input. Reported by Umar Farooq on 2025-10-23

[TBD][482713603] Low CVE-2026-11229: Insufficient policy enforcement in Enterprise. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-08

[N/A][493225428] Low CVE-2026-11230: Use after free in Extensions. Reported by Google on 2026-03-16

[N/A][495840862] Low CVE-2026-11231: Inappropriate implementation in Safe Browsing. Reported by Google on 2026-03-24

[N/A][495981782] Low CVE-2026-11232: Inappropriate implementation in TabGroups. Reported by Google on 2026-03-25

[N/A][496088449] Low CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496095145] Low CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496419374] Low CVE-2026-11235: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-26

[N/A][496427030] Low CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth. Reported by Google on 2026-03-26

[N/A][496617698] Low CVE-2026-11237: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-26

[N/A][496705691] Low CVE-2026-11238: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26

[N/A][497025738] Low CVE-2026-11239: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-27

[N/A][497030032] Low CVE-2026-11240: Insufficient validation of untrusted input in Loader. Reported by Google on 2026-03-27

[N/A][497203741] Low CVE-2026-11241: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-28

[N/A][497385823] Low CVE-2026-11242: Insufficient validation of untrusted input in Plugins. Reported by Google on 2026-03-29

[N/A][497394061] Low CVE-2026-11243: Incorrect security UI in Downloads. Reported by Google on 2026-03-29

[N/A][497609145] Low CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-03-30

[N/A][497610654] Low CVE-2026-11245: Inappropriate implementation in Payments. Reported by Google on 2026-03-30

[N/A][497660733] Low CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB. Reported by Google on 2026-03-30

[N/A][497865734] Low CVE-2026-11247: Insufficient policy enforcement in CustomTabs. Reported by Google on 2026-03-30

[N/A][497946941] Low CVE-2026-11248: Policy bypass in Google Lens. Reported by Google on 2026-03-30

[N/A][497989379] Low CVE-2026-11249: Use after free in Network. Reported by Google on 2026-03-31

[N/A][498281224] Low CVE-2026-11250: Inappropriate implementation in DevTools. Reported by Google on 2026-03-31

[N/A][498301853] Low CVE-2026-11251: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-31

[N/A][498373018] Low CVE-2026-11252: Policy bypass in Content Settings. Reported by Google on 2026-04-01

[N/A][498397912] Low CVE-2026-11253: Race in Permissions. Reported by Google on 2026-04-01

[N/A][498405554] Low CVE-2026-11254: Inappropriate implementation in Permissions. Reported by Google on 2026-04-01

[N/A][498417152] Low CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API. Reported by Google on 2026-04-01

[N/A][498856565] Low CVE-2026-11256: Out of bounds read in GPU. Reported by Google on 2026-04-02

[N/A][499051898] Low CVE-2026-11257: Inappropriate implementation in Browser. Reported by Google on 2026-04-02

[N/A][499078161] Low CVE-2026-11258: Inappropriate implementation in File System Access. Reported by Google on 2026-04-02

[N/A][499215943] Low CVE-2026-11259: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499257860] Low CVE-2026-11260: Policy bypass in Permissions. Reported by Google on 2026-04-03

[N/A][499262832] Low CVE-2026-11261: Insufficient validation of untrusted input in PDF. Reported by Google on 2026-04-03

[N/A][499386363] Low CVE-2026-11262: Use after free in TabStrip. Reported by Google on 2026-04-03

[N/A][500044225] Low CVE-2026-11263: Insufficient policy enforcement in WebAuthentication. Reported by Google on 2026-04-06

[N/A][500099106] Low CVE-2026-11264: Policy bypass in Content Security Policy. Reported by Google on 2026-04-06

[N/A][500262869] Low CVE-2026-11265: Insufficient data validation in Autofill. Reported by Google on 2026-04-07

[N/A][500521311] Low CVE-2026-11266: Policy bypass in SafeBrowsing. Reported by Google on 2026-04-08

[N/A][500528267] Low CVE-2026-11267: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-08

[N/A][500528706] Low CVE-2026-11268: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500551122] Low CVE-2026-11269: Inappropriate implementation in Extensions. Reported by Google on 2026-04-08

[N/A][501504245] Low CVE-2026-11270: Inappropriate implementation in UI. Reported by Google on 2026-04-10

[N/A][501685207] Low CVE-2026-11271: Incorrect security UI in Passwords. Reported by Google on 2026-04-11

[N/A][501747321] Low CVE-2026-11272: Insufficient validation of untrusted input in Reading List. Reported by Google on 2026-04-11

[N/A][501757688] Low CVE-2026-11273: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-11

[N/A][501760514] Low CVE-2026-11274: Inappropriate implementation in DOM Distiller. Reported by Google on 2026-04-11

[N/A][501763121] Low CVE-2026-11275: Insufficient policy enforcement in Page Info. Reported by Google on 2026-04-11

[N/A][501780338] Low CVE-2026-11276: Inappropriate implementation in Cast. Reported by Google on 2026-04-12

[N/A][501839664] Low CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-12

[N/A][501859865] Low CVE-2026-11278: Inappropriate implementation in CustomTabs. Reported by Google on 2026-04-12

[N/A][501878477] Low CVE-2026-11279: Out of bounds read in DevTools. Reported by Google on 2026-04-12

[N/A][501892820] Low CVE-2026-11280: Insufficient validation of untrusted input in Signin. Reported by Google on 2026-04-12

[N/A][501900366] Low CVE-2026-11281: Integer overflow in Chromoting. Reported by Google on 2026-04-12

[N/A][502023400] Low CVE-2026-11282: Policy bypass in Sandbox. Reported by Google on 2026-04-13

[N/A][502069297] Low CVE-2026-11283: Policy bypass in Shortcuts. Reported by Google on 2026-04-13

[N/A][502073069] Low CVE-2026-11284: Side-channel information leakage in PerformanceAPIs. Reported by Google on 2026-04-13

[N/A][502090914] Low CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-13

[N/A][502110170] Low CVE-2026-11286: Insufficient validation of untrusted input in Wallet. Reported by Google on 2026-04-13

[N/A][502173136] Low CVE-2026-11287: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-04-13

[N/A][502231588] Low CVE-2026-11288: Policy bypass in CSS. Reported by Google on 2026-04-13

[N/A][502239897] Low CVE-2026-11289: Side-channel information leakage in Paint. Reported by Google on 2026-04-13

[N/A][502264647] Low CVE-2026-11290: Integer overflow in WebView. Reported by Google on 2026-04-13

[N/A][502346855] Low CVE-2026-11291: Policy bypass in Android Autofill. Reported by Google on 2026-04-14

[N/A][502358901] Low CVE-2026-11292: Policy bypass in Blink. Reported by Google on 2026-04-14

[TBD][502362260] Low CVE-2026-11293: Use after free in Input. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-14

[N/A][502403953] Low CVE-2026-11294: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502444677] Low CVE-2026-11295: Inappropriate implementation in WebView. Reported by Google on 2026-04-14

[N/A][502493950] Low CVE-2026-11296: Inappropriate implementation in ImageCapture. Reported by Google on 2026-04-14

[N/A][502502017] Low CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode. Reported by Google on 2026-04-14

[N/A][502503860] Low CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-14

[TBD][502598424] Low CVE-2026-11299: Out of bounds read in Fonts. Reported by sharadboni@gmail.com on 2026-04-14

[N/A][503614310] Low CVE-2026-11300: Inappropriate implementation in Permissions. Reported by Google on 2026-04-17

[N/A][504180386] Low CVE-2026-11301: Out of bounds read in LiveCaption. Reported by Google on 2026-04-19

[N/A][504196549] Low CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-19

[N/A][504416752] Low CVE-2026-11303: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504418475] Low CVE-2026-11304: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504545544] Low CVE-2026-11305: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504548949] Low CVE-2026-11306: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504551617] Low CVE-2026-11307: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][505945112] Low CVE-2026-11308: Inappropriate implementation in Extensions. Reported by Google on 2026-04-24

[N/A][506392934] Low CVE-2026-11309: Insufficient policy enforcement in History. Reported by Google on 2026-04-25

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

DistroWatch
Distribution Release: Clonezilla Live 3.3.2-31 2 Juni 2026 om 20:13

Distribution Release: Clonezilla Live 3.3.2-31

DistroWatch

Door: distro@distrowatch.com

2 Juni 2026 om 20:13

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Clonezilla Live is a Debian-based live CD containing Clonezilla, a partition and disk cloning software. The project's latest announcement brings Clonezilla Live up to date with Debian's "Unstable" repository: "Stable Clonezilla Live 3.3.2-31 released. This release of Clonezilla live includes major enhancements and bug fixes. Enhancements and changes....

Apple Newsroom
Apple reveals winners of the 2026 Apple Design Awards 2 Juni 2026 om 19:00

Apple reveals winners of the 2026 Apple Design Awards

Apple Newsroom

Door: Apple Newsroom

2 Juni 2026 om 19:00

Apple announces the winners of the 2026 Apple Design Awards, recognizing outstanding app and game design across six categories.

Apple reveals winners of the 2026 Apple Design Awards

Minecraft
Minecraft 26.2-pre-3 (snapshot) Released 2 Juni 2026 om 13:48

Minecraft 26.2-pre-3 (snapshot) Released

Minecraft

2 Juni 2026 om 13:48

26.2 Pre-Release 3 (known as 26.2-pre-3 in the launcher) is the third pre-release for Java Edition 26.2, released on June 2, 2026. Full changelog: https://minecraft.wiki/Java_Edition_26.2-pre-3

Planet Debian
Ben Hutchings: FOSS activity in 2025 2 Juni 2026 om 16:17

Ben Hutchings: FOSS activity in 2025

Planet Debian

2 Juni 2026 om 16:17

This was a particularly busy month for me in terms of Debian contributions.

It started with a week in Hamburg for the MiniDebConf. I talked to many colleagues face-to-face and worked on various bugs and maintenance tasks. I’m pleased to have finally found the time to reproduce and fix the boot-time crashes in the parallel port subsystem that have been reported many times recently.

A series of easily exploited kernel LPE (local privilege execution) issues were published this month, mostly with very little coordination with distributions. Salvatore and I had to upload fixes for these at roughly weekly intervals. All of these fixes needed to be applied to 4 different upstream branches (currently 5.10, 6.1, 6.12, and 7.0) and 7 Debian branches (including backports).

Debian packages:
- cis-tools:
  - Bugs:
    - replied to #1135267: pack_cis should be installed in /usr/bin
- dracut:
  - Bugs:
    - replied to #1131809: dracut: ppc64el autopkgtest are flaky and take 7 hours per run (and discussed it in-person in Hamburg)
- firmware-free:
  - Bugs:
    - closed #1122755: firmware-free: Please remove/replace usage of dh_movetousr
  - Merge requests:
    - opened !11: Apply relevant changes from firmware-nonfree
- firmware-nonfree:
  - Merge requests:
    - closed !68: Draft: Update bullseye in line with buster
    - reviewed and merged !146: gencontrol: s/initramfs-tools/update-initramfs/
    - merged !147: control: stop suggesting initramfs-tools
    - opened and merged !148: Update to 20260519
    - opened and merged !149: Include more firmware in binary packages
    - opened !150: Update and remove obsolete package relations
- gnome-shell:
  - Bugs:
    - replied to and reassigned #1135951: linux-image-6.12.85+deb13-amd64: secure data is visible when waking from suspsend
- initramfs-tools:
  - Bugs:
    - closed #1108924: initramfs-tools: Cannot boot Trixie d-i rc2 USB storage target riscv64 MODULES=most (missing: cdns3 cdns3_starfive)
  - Merge requests:
  - Uploads:
    - uploaded version 0.148.4 to trixie
- ktls-utils:
  - Merge requests:
    - merged !5: Update to 1.4.0
  - Uploads:
    - uploaded version 1.4.0-1 to unstable
- linux:
  - Bugs:
    - replied to #1130365: linux-image-6.18.15+deb14-amd64: kernel panic during startup
    - replied to #1136800: linux-image-7.0.4+deb14-amd64: fails to boot
    - replied to #1136894: linux-image-7.0.4+deb14-amd64: Kernel Panic - AMDGPU crash
    - replied to #1136978: linux-image-7.0.4+deb14-amd64: kernel NULL pointer dereference
    - replied to and closed #1137202: linux-image-7.1-amd64: Kernel panic on boot
    - replied to #1137203: bnx2: ifupdown-hotplug fails at boot, no network, regression from 5.10.0-42
    - replied to #1137642: linux-image-7.0.7+deb13-amd64: Failed to load Bluetooth driver
  - Merge requests:
    - closed !1720: arm64: Enable Renesas RZ/G2L features
    - merged !1759: [arm64] Enable AIR_EN8811H_PHY as module
    - merged !1792: [arm64] Enable BST platform support
    - closed !1817: [sparc64] Add patches to fix user stack sync and add clone3() syscall
    - merged !1837: [arm64] Enable configs for Qualcomm RB1 boards
    - reviewed !1845: [amd64,arm64] Enable KEXEC_HANDOVER and LIVEUPDATE
    - merged !1878: [riscv64] Enable CMA and DMA_CMA. Set CMA_SIZE_MBYTES=64
    - merged !1884: [amd64] Enable Intel USBIO bridge driver and submodules
    - opened !1904: Improve package descriptions for most of the kernel packages
    - reviewed and merged !1906: Enable SND_SOC_SDCA_CLASS and SND_SOC_SDCA_{FDL, HID, IRQ} for Panther Lake audio support
    - opened and merged !1910: Add backported patches for Dirty Frag attack
    - merged !1911: Qualcomm Monaco and Talos support
    - merged !1913: d/watch: migrate to version 5
    - reviewed !1936: [sparc64] Add nvme module to scsi-modules udeb
    - reviewed !1948: [amd64] Enable Intel Platform Hardware Support Drivers
    - opened and merged !1951: Fix dirtying of the source tree when building tools
    - merged !1954: 7.0 backport ‘Fix for “fragnesia” (CVE-2026-46300) and variants’
    - merged !1955: 6.12 backport ‘Fix for “fragnesia” (CVE-2026-46300) and variants’
    - opened !1956: Draft: Enable a fully parallel build
  - Uploads:
    - (LTS) uploaded versions 5.10.251-2, 5.10.251-3, 5.10.251-4, 5.10.251-5, 5.10.257-1 to bullseye-security
    - uploaded versions 6.12.85-1~bpo12+1, 6.12.86-1~bpo12+1, 6.12.88-1~bpo12+1, 6.12.90-1~bpo12+1, 6.12.90-2~bpo12+1 to bookworm-backports
    - uploaded versions 6.19.14-1~bpo13+1, 7.0.10-1~bpo13+1, 7.0.4-1~bpo13+1, 7.0.7-1~bpo13+1, 7.0.9-1~bpo13+1 to trixie-backports
- (LTS) linux-6.1:
  - Uploads:
    - uploaded versions 6.1.170-1~deb11u1, 6.1.170-3~deb11u1, 6.1.172-1~deb11u1, 6.1.174-1~deb11u1 to bullseye-security
- miniramfs:
  - Bugs:
    - replied to #1132532: miniramfs: Missing cpio dependency
- nfs-utils:
  - Bugs:
    - replied to and closed #1138209: nfs-kernel-server: Parameter RPCNFSDCOUNT from /etc/default/nfs-kernel-server is ignored after Upgrade from Deb12
- wireless-regdb:
  - Uploads:
    - uploaded version 2026.03.18-1 to unstable
Debian non-package bugs:
- release.debian.org:
  - opened #1135902: trixie-pu: package initramfs-tools/0.148.4
Mailing lists:

SCS Software
American Truck Simulator: 1.60 Update Open Beta 2 Juni 2026 om 09:42

American Truck Simulator: 1.60 Update Open Beta

SCS Software

Door: David

2 Juni 2026 om 09:42

We’re excited to share that the 1.60 Open Beta for American Truck Simulator is now available for players to try out. If you decide to join the beta, we’d really appreciate it if you report any bugs or issues you encounter in the appropriate section of our official forums.

Your feedback plays a huge role in helping us improve the game, and we truly value the time and effort you put into testing these new features and changes. Now, let’s dive into what you can expect in the 1.60 Open Beta update:

Game Radio

With Update 1.60, we are introducing Game Radio, a brand-new in-game radio system designed to make every drive feel more immersive and authentic. Rather than just playing music, Game Radio gives you five stations with their own distinct sounds, identities, and moods, each one built to shape the atmosphere of your journey in a different way.

At launch, players can tune into Rust FM, Escape, PUMP IT!, Pop Gear, and Roadio, spanning guitar-driven rock and American roots music to electronic, pop, and lo-fi. Each station features carefully curated tracks, handpicked to hold up across many hours on the road. Escape is also the only stream-safe station at launch, designed to help content creators avoid copyright claims.

Game Radio also introduces a new in-game widget displaying station info, track titles, and artist names while driving. Players can customize widget behavior through the Widget Options menu (F6). This update also brings a range of improvements to the existing radio and music player systems.

Game Radio arrives with its musical foundation in place, with more planned for future updates. You can find out more information about Game Radio in our dedicated blog post.

Improved Material System

The Improved Material System significantly improves the lighting and visual quality of vehicle interiors in selected trucks. Its main focus is to enhance how interior materials react to light, which will result in a more readable, detailed, and visually pleasing cabin environment.

During the development of Project Road Trip, we implemented a wide range of visual and technical improvements. One of the most significant changes was a redesign of the materials used in vehicle interiors. As a result, it makes differences between materials such as leather, fabric, plastic, and metal far more apparent, even in low-light conditions. The new solution uses multiple variants of dynamic cubemaps, allowing all materials to reflect their surroundings more naturally and respond to ambient light in a more realistic way.

The entire system was designed from the start with the interiors of trucks in both games in mind, so the base games and their existing fleets will gradually benefit from these improvements as well. The first trucks to benefit from the Improved Material System in ATS will be the Mack Anthem and the Western Star 49X. With future updates, we will gradually add this technology for other trucks across both games. You can read more about this feature here.

Light Tweaks

We have carried out minor adjustments to the global lighting, primarily focused on exposure and contrast balancing, along with subtle visual refinements for bad weather conditions. The work mainly consisted of smoothing out and polishing the overall visuals to achieve a more consistent and refined look.

Players' Company Paint Jobs

After over a year of development as a passion project for the ATS community, players are now able to customize their trucks and trailers with a brand-new collection of company-themed paint jobs inspired by the selectable company identities available when creating a driver profile. These designs bring a more cohesive and professional visual style to your fleet while fitting naturally into the world of ATS.

One of the biggest focuses during development was ensuring that every paint job feels unique, depending on the type of trailer it is applied to. Rather than simply using one design across all trailer models, our teams carefully adapted each company's paint scheme to match the shapes and details of different trailer types. Whether you’re hauling cargo with a tanker, transporting materials in a dumper, or pulling a traditional box trailer, each variant features its own tailored details and layout. You can find out more in our blog here.

Job Details Widget

Based on feedback from our #BestCommunityEver and upcoming widget designs, the Job Details Widget will be introduced with the 1.60 update. Its primary purpose will be to enable a new, more immediate, and concise way of displaying the relevant job info. Also, in response to community feedback, the GPS will now display the estimated arrival day and time, along with the remaining travel time and distance.

Once added, you'll be able to enable the Job Details Widget through the Widget Options menu (F6). The widget will display key job information, including cargo type and weight, delivery location, job income (colour-highlighted), and the remaining time to complete the job, so players will have this info available immediately without the necessity to pause the game. You can read more about the feature here.

Expanded Rest Mechanic

This new feature gives players greater control over their rest periods by allowing them to choose how long they want to sleep and exactly when they want to wake up, instead of being limited to a predefined rest duration.

Alongside this change, the Fatigue system will now be split into two separate values: Rest State and Mandatory Break, each represented by its own icon in the UI.

The Rest State, symbolised by a bed icon, will now gradually deplete rather than recover over time. Extended periods of driving will steadily reduce the Rest State, while resting will restore it at a faster rate.

The Mandatory Break system, indicated by a "P" icon along with the remaining hours before a required stop, will function more strictly. In American Truck Simulator, drivers can stay on the road for up to 14 hours before they must take a mandatory break, requiring 10 consecutive hours of rest afterward. You can read more about this feature here.

Changelog:

Vehicles

Players' Company Paint Jobs

Visual

Improved Material System
Light Tweaks

Sound

Game Radio

UI/UX

Job Details Widget
Expanded Rest Mechanic

Enjoy all the new additions, but please remember: It's only an open beta, not a stable public version, so you may encounter bugs, instability, or crashes. It's completely okay if you want to wait for the final release. But if you're interested in helping us to get there faster, we'd appreciate all of your feedback on our forum and your bug reports in the dedicated section.

Please check our modding wiki to get details pertaining to mods for the game.

If you wish to participate in this Open Beta, you can find this version in the Experimental Beta branch on Steam. The way to access it is as follows: Steam client → LIBRARY → right-click on American Truck Simulator → Properties → Betas tab → Beta Participation drop-down menu → public_beta. No password is required. Sometimes you will have to restart your Steam client to see the correct branch name there.

VersityGW
v1.5.0 2 Juni 2026 om 03:43

v1.5.0

VersityGW

Door: benmcclelland

2 Juni 2026 om 03:43

Changelog

3cf10d8 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob
cd3f2ff chore(deps): bump github.com/Azure/go-ntlmssp from 0.1.0 to 0.1.1
deda805 chore(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2
325ab6e chore(deps): bump the dev-dependencies group with 19 updates
fbe2a4b chore(deps): bump the dev-dependencies group with 7 updates
2ed8b78 chore(deps): bump the dev-dependencies group with 9 updates
e4fa31c chore: fix sidecar flag in runtests to correctly pass test option
db3478d chore: update go package dependencies
861c5f5 feat: add bucket metrics tag when request specifies a bucket
d1fba07 feat: add custom route and middleware options
8ae566d feat: add new ErrNoSpaceLeftOnDevice API error for ENOSPC errors
20939bd feat: extract gateway runtime into embeddable package
9f786b3 feat: global error refactoring
cb609e4 feat: replace webui client-side name filter with server-side prefix filter
d2fa265 feat: support sha512, md5, xxhash3, xxhash64, xxhash128 data integrity checksums
e6aa9de fix: apply CORS middleware to admin CreateBucket route
8d5b2be fix: check PutObjectTagging/LegalHold/Retention permissions on PutObject,CopyObject and CreateMultipartUpload
e137e8d fix: connection early termination resulting in internal error
a5fc7c1 fix: decode URL hash in webui before parsing bucket/prefix
5774702 fix: enforce required SignedHeaders validation for SigV4 requests
0e165ed fix: expose x-amz-storage-class in CORS response headers
4ef090d fix: fix empty ownership control rules panic
fe3cfbf fix: forward slash url encoded used as bucket/key separator
ed1ad6b fix: honor explicit public bucket policy deny
2c0844a fix: ignore implicit directories for Get/HeadObject
cd0b4e6 fix: normalize object keys during bucket policy evaluation
e69d073 fix: reject SigV2 requests
eecc1a7 fix: reject invalid PostObject keys
27971f2 fix: remove unsigned chunk reader caching
d498d48 fix: replace misleading webui CORS error toast with generic network error message
dd27c6c fix: scoutfs multipart alignment check for last part
bb3cdd9 fix: skip integration tests not compatible in sidecar
5cb5541 fix: store object multipart upload metadata compressed

Planet Debian
Amin Bandali: Free software activities in May 2026 1 Juni 2026 om 04:30

Amin Bandali: Free software activities in May 2026

Planet Debian

1 Juni 2026 om 04:30

Hello and welcome to my May 2026 free software activities report. A lot's been going on in my life offline so I took a bit of a hiatus from doing these reports, but I've had a fairly productive month of May so I thought it'd be nice to do another one for this month.

GNU & FSF

GNU Emacs:
- ffs-0.2.2: I finally polished and published my ffs package for GNU Emacs on GNU ELPA. Many thanks to Protesilaos for rounds of code review and feedback for improving and polishing the package in preparation for submission to GNU ELPA.
- bug#81101: Trying to visit https://www.emacswiki.org in EWW I noticed it fails with a Somebody wants you to give them money error due to the anti-bot challenge being served with a HTTP 402 (Payment Required) response. So I landed a patch 12eec781ed6 to no longer do that. Thanks to Emacs comaintainer Sean Whitton for reviewing and approving my proposed patch.
- bug#81107: I noticed that in EWW, unlike <input type="submit"> HTML buttons, <button> elements were not tab-stoppable, leading to poorer usability and accessibility. So I landed a patch ec3d662de0b to fix that. Thanks to Emacs comaintainer Eli Zaretskii for reviewing, providing feedback, and accepting my proposed change.
- Emacs Chat with Sacha Chua: I joined Sacha for a new episode of her Emacs Chat podcast, where we talked about Emacs and life. I gave a quick tour of my Emacs configuration, discussing at length my configurations for EXWM (Emacs X Window Manager) among other topics like Emacs's facility for visually indicating buffer boundaries in the fringe by setting indicate-buffer-boundaries and my convenience configuration macros.
maintainers@: I started the next long-overdue round of emails to GNU package maintainers to confirm the contact information we have on file for them and get a brief status update about their packages. Emails are sent in small batches to keep the workload of handling the responses manageable for assistant GNUisances.
GNU Spotlight: I prepared and sent the May GNU Spotlight to the FSF campaigns team for publication on the FSF's community blog and the monthly Free Software Supporter newsletter.

Debian

I've begun the work toward updating the Jami package in Debian unstable again, which means I need to package new releases of its direct and indirect dependencies. For OpenDHT, I need to update RESTinio, and to do that I first need to package expected-lite and sobjectizer for Debian:

#1120837: ITP: expected-lite – expected objects for C++11 and later
#1137609: ITP: sobjectizer – C++ implementation of Actor, Publish-Subscribe, and CSP models

I've been working on packaging both and hope to have them uploaded to the archive in the next days and weeks.

That's it for this month's report.

Take care, and so long for now.

DistroWatch
Distribution Release: MocaccinoOS 26.06 1 Juni 2026 om 21:30

Distribution Release: MocaccinoOS 26.06

DistroWatch

Door: distro@distrowatch.com

1 Juni 2026 om 21:30

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The MocaccinoOS development team has announced the release of MocaccinoOS 26.06, the latest version of the project's set of Gentoo-based Linux distributions featuring a number of popular desktop environments and a custom package manager called "Luet". This release provides a new live image with the COSMIC desktop and....

UpSnap
5.4.1 1 Juni 2026 om 22:03

5.4.1

UpSnap

Door: github-actions[bot]

1 Juni 2026 om 22:03

Note

UpSnap is, and always will be, free and open source software.

If someone is asking you to pay money for access to UpSnap binaries, source code, or licenses, you are being scammed.

The official and only trusted source for UpSnap is this repository (and its linked releases).
Do not pay third parties for something that is provided here for free.

Changelog

Features

66ba9d9: feat: Add language pt-BR (Portuguese Brazilian) (#1743) (@antraxbr666)

Others

24bdf67: update deps (@seriousm4x)

Apple iOS
iOS 26.5.1 (23F81) 1 Juni 2026 om 19:00

iOS 26.5.1 (23F81)

Apple iOS

1 Juni 2026 om 19:00

Apple MacOS
macOS 26.5.1 (25F80) 1 Juni 2026 om 19:00

macOS 26.5.1 (25F80)

Apple MacOS

1 Juni 2026 om 19:00

SCS Software
ATS 1.60: Players' Company Paint Jobs 1 Juni 2026 om 17:00

ATS 1.60: Players' Company Paint Jobs

SCS Software

Door: David

1 Juni 2026 om 17:00

Today, we’re excited to share more details about a feature coming to American Truck Simulator in Update 1.60 - Players’ Company Paint Jobs!

For quite some time, our teams have wanted to expand and improve the way players can represent their in-game trucking companies. After over a year of development as a passion project created especially for the ATS community, we’re happy to finally reveal the results.

With Update 1.60, players will be able to customize their trucks and trailers with a brand-new collection of company-themed paint jobs inspired by the selectable company identities available when creating a driver profile. These designs bring a more cohesive and professional visual style to your fleet while still fitting naturally into the world of American Truck Simulator.

One of the biggest focuses during development was ensuring that every paint job feels unique, depending on the type of trailer it is applied to. Rather than simply stretching one design across all trailer models, our teams carefully adapted each company's paint scheme to match the specific shapes and details of different trailer types.

Whether you’re hauling cargo with a tanker, transporting material in a dumper, or pulling a traditional box trailer, each variant features its own tailored details and layout. Our designers paid close attention to every surface, curve, and accessory to make sure the final result feels authentic and visually balanced across the entire fleet.

Players familiar with the feature in Euro Truck Simulator 2 will also feel right at home with the customization options included in ATS. Every company paint job comes with four pre-made color presets, giving players multiple styles to choose from right away while maintaining a consistent company identity.

We can’t wait for you to hit the road with your newly branded fleet when Update 1.60 arrives for American Truck Simulator. Whether you’re starting a brand-new company or giving your current operation a fresh identity, we hope these new paint jobs help make your journeys feel even more personal.

Until then, be sure to stay connected with us on our social media channels on X/Twitter, Facebook, BlueSky, YouTube, and Instagram, and by subscribing to our newsletter so you don’t miss any future updates! Stay safe and happy truckin'!

DistroWatch
Distribution Release: Linux Lite 8.0 1 Juni 2026 om 13:49

Distribution Release: Linux Lite 8.0

DistroWatch

Door: distro@distrowatch.com

1 Juni 2026 om 13:49

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Jerry Bezencon has announced the release of Linux Lite 8.0, an Ubuntu-based distribution which makes getting set up and started easy for beginners. "Linux Lite 8.0 final is now available for download. Series 8 represents 14 years of community-driven purpose culminating in Linux Lite's largest development cycle ever:....

DistroWatch
Distribution Release: Network Security Toolkit 44-15105 1 Juni 2026 om 11:56

Distribution Release: Network Security Toolkit 44-15105

DistroWatch

Door: distro@distrowatch.com

1 Juni 2026 om 11:56

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Ron Henderson has announced the release of Network Security Toolkit (NST) 44-15105, a major new version of the project's Fedora-based Linux distribution featuring a collection of best-of-breed, open-source network security applications: "We are pleased to announce the latest NST release - NST 44 SVN:15105. Based on Fedora 44....

Synology stroomlijnt het C2-portfolio om prioriteit te geven aan hybride cloud; introduceert C2 OneStorage voor gecentraliseerd resourcebeheer

Synology

Door: webmaster@synology.com (Synology Webmaster)

21 Mei 2026 om 18:00

Taipei, Taiwan — 22 mei 2026 — Synology heeft vandaag een strategische heroriëntatie van zijn C2-cloudecosysteem aangekondigd, met als middelpunt de l

Synology
Synology lanceert de PAS7700, een Active-Active NVMe-enterprise-opslagoplossing 19 Mei 2026 om 18:00

Synology lanceert de PAS7700, een Active-Active NVMe-enterprise-opslagoplossing

Synology

Door: webmaster@synology.com (Synology Webmaster)

19 Mei 2026 om 18:00

Amsterdam, Nederland – 21 mei 2026 – Synology heeft de algemene beschikbaarheid van de PAS7700 officieel aangekondigd, het eerste active-active, volle

Synology
Synology voegt RS4826xs+ en RS3626xs toe aan het zakelijke opslagassortiment 12 Mei 2026 om 18:00

Synology voegt RS4826xs+ en RS3626xs toe aan het zakelijke opslagassortiment

Synology

Door: webmaster@synology.com (Synology Webmaster)

12 Mei 2026 om 18:00

Amsterdam, Nederland — 13 mei 2026 — Synology kondigde vandaag de beschikbaarheid aan van de RS4826xs+ en RS3626xs, twee opslagsystemen die zijn ontwi

Synology benoemd als een 'Strong Performer' in het 2026 Gartner™ Voice of the Customer-rapport voor back-up- en gegevensbeschermingsplatforms

Synology

Door: webmaster@synology.com (Synology Webmaster)

29 April 2026 om 18:00

TAIPEI, Taiwan - 11 mei 2026 - Synology kondigde vandaag zijn opname aan in het 2026 Gartner Voice of the Customer for Backup and Data Protection Plat

DistroWatch
DistroWatch Weekly, Issue 1175 1 Juni 2026 om 02:04

DistroWatch Weekly, Issue 1175

DistroWatch

Door: distro@distrowatch.com

1 Juni 2026 om 02:04

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: The PineTab2 with various operating systems
News: Canonical is shutting down Ubuntu's Pastebin, Murena nears 100k users
Questions and answers: Less commonly shared pieces of advice
Released last week: Rhino Linux 2026.1, MX Linux 25.2, AlmaLinux 10.2 and 9.8, IPFire 2.29 Core 202, OviOS Linux....

QNAP
QNAP op COMPUTEX 2026: De toekomst van bedrijfscontinuïteit en Edge AI-innovatie vormgeven 31 Mei 2026 om 18:37

QNAP op COMPUTEX 2026: De toekomst van bedrijfscontinuïteit en Edge AI-innovatie vormgeven

QNAP

31 Mei 2026 om 18:37

{ Taipei, Taiwan, 1 juni 2026 – QNAP® Systems, Inc. nodigt bezoekers uit bij stand J1209a (TaiNEX 1) tijdens COMPUTEX 2026. Onder he ...} More

Dopamine
Dopamine 3.0.5 31 Mei 2026 om 21:51

Dopamine 3.0.5

Dopamine

Door: digimezzo

31 Mei 2026 om 21:51

Added

Added an Adwaita theme, because GNU/Linux deserves some love.
Added Windows taskbar media controls accessible by hovering over the app icon in the taskbar
Added a "Refresh now" button to the main menu
Added ReplayGain support
Added option to show album name on the now playing page
Added possibility to edit the album cover

Changed

Discord Rich Presence says "Listening to" instead of "Playing"
Improved scaling of different parts of the user interface
Updated the Czech translation
Updated the German translation
Updated the Hebrew translation
Updated the Russian translation
Updated the Vietnamese translation

Fixed

Saving a rating to an MP3 file could create an ID3v1 tag, causing genres to be stored and displayed as their numeric ID3v1 code (e.g. "Eurodance" becoming "54")
It is not possible to edit songs from the Songs screen
There is no scroll bar in the smart playlist editor
Loop one does not work correctly when using gapless or crossfading playback
When exiting Dopamine, the Discord status doesn't disappear.
It's not always clear when Dopamine is refreshing the collection

P.S.: If you enjoy Dopamine, please consider donating via PayPal or buying me a coffee. Your support keeps the music going!

Planet Debian
Amin Bandali: Thinking about life - chat with Protesilaos 23 Mei 2026 om 19:30

Amin Bandali: Thinking about life - chat with Protesilaos

Planet Debian

23 Mei 2026 om 19:30

In the recent weeks I've been engaging Prot as a coach to help review my new ffs package for GNU Emacs as I worked on preparing it for inclusion in GNU ELPA, as well as discussing other Emacs- and life-related topics.

UPDATE 2026-05-23 22:39:15 -0400: Prot also published an article about our session on his website: https://protesilaos.com/commentary/2026-05-23-life-issues-and-philosophy-amin-bandali/

In our nearly 2-hour conversation, we discussed at length and in depth various aspects of life in the current times. For instance, feeling overwhelmed in the face of innumerable things happening at once, with technology changing our perception and making events feel proximate and imminent.

We talked about seasonality and rhythms in life, including in relation to burnout and knowing our own limitations, and descriptive vs prescriptive thinking when reflecting on the expectations we may place on our self when comparing our self to others through the lens of our necessarily-incomplete impressions and glimpses of their lives. We discussed absence or loss as a dual to presence or persistence in the process of life. How with our memories and through embodying the philosophy and teachings of departed loved ones their essence and legacy continues to live on within us. But also loss in the sense of us losing parts of our self in life-defining moments while preserving other parts and gaining new ones, being liberated of some of the burdens of our past self and in effect becoming someone else in the process.

In being true to our self, we talked about humans as multi-faceted beings and the importance of expressing and giving a voice to these different aspects of our self, and keeping alive that child-like sense of awe and wonder. To live a life where the pace and rhythms of our environment are in sync with our internal rhythms, and to not give others undue power over us or our happiness through trying to live according to their prescribed standards or expectations.

I also learned more about Prot's practical philosophy of situational awareness in life, not merely as a means for survival, but also as a way of appreciating all of the beauty that surrounds us, and a method for gaining the knowledge and skills to apply what we learn from patterns in one area of life to other areas.

We concluded our session with a mention to the concept of sanctity, to set aside a sacred time or place for our self wherein no distractions are allowed, where we can unwind, rest, and recharge for whatever comes next.

Here is the video recording of our session, which I share with Prot's permission:

You can view or download the full-resolution video from the Internet Archive.

Like Prot, I am invigorated and inspired to live a full, honest life. To do my best, do what I do in earnest, and make the best of what I have.

Take care, and so long for now.

Planet Debian
Amin Bandali: ffs 0.2.2 released 21 Mei 2026 om 23:33

Amin Bandali: ffs 0.2.2 released

Planet Debian

21 Mei 2026 om 23:33

ffs provides a minor mode for simple plain text presentations in Emacs, where the slides are separated using the page-delimiter, by default the form feed character (^L).

I wrote ffs in early 2022 for my LibrePlanet 2022 presentation the Net beyond the Web, and earlier this year decided to polish it towards being a proper package and submit it to GNU ELPA. The manual still needs some more work, but the overall package is in pretty good shape so I submitted for inclusion in GNU ELPA.

Package name (GNU ELPA): ffs
Official manual: https://kelar.org/~bandali/gnu/emacs/ffs.html
Change log: https://kelar.org/~bandali/gnu/emacs/ffs-changelog.html
Git repository: https://git.kelar.org/~bandali/ffs
Backronyms: fabulous foolproof slides - for freedom's sake - ffs flips slides

ffs and I owe a debt of gratitude to Protesilaos for rounds of code review and feedback for improving and polishing the package in preparation for submission to GNU ELPA. You can watch videos of these sessions posted earlier on my website:

Further, inspiration for parts of ffs's implementation was gratefully drawn from Protesilaos's Logos package for Emacs.

Dedicated to the loving memory of Farangis Yousefinia.

Below are the release notes.

Version 0.2.2 on 2026-05-21

First release of ffs on GNU ELPA.

The attempted build of ffs 0.2.1 within GNU ELPA build sandbox failed with an Error: void-function (org-texinfo-kbd-macro) due to use of #+macro: kbd (eval (org-texinfo-kbd-macro $1)) in ffs.org for better formatting of key sequences in the exported Texinfo copy. This seems to have happened for the specific case of generating a plain text README using ox-ascii where ELPA didn't load ox-texinfo. To try and mitigate this, a README.md has been added for use as the package README instead of ffs.org. If not sufficient, a Texinfo copy of the ffs manual will be shipped instead of the Org one in the next release.

ffs 0.2.2 also includes small fixes and improvements throughout ffs.el from Stefan Monnier, and additional feedback to be addressed in future releases.

Version 0.2.1 on 2026-05-20

The attempted build of ffs 0.2.0 within GNU ELPA build sandbox failed with a "Cannot include file" error on the "#+include: fdl.org" in the manual. So, as a workaround, we switch to using the official Texinfo copy of the GNU FDL license rather than an Org copy.

Version 0.2.0 on 2026-05-19

First release of ffs intended for GNU ELPA.

After a few years of inactivity, in early 2026 I decided to dust off ffs.el, polish and document it, and offer for inclusion in GNU ELPA as a proper package.

Default value of `ffs-default-face-height` changed to nil

To minimize unexpected and/or unnecessary changes out-of-the-box, the default value of ffs-default-face-height has been changed to nil.

`ffs-edit-buffer-name` demoted from user option to variable

This is not an important user-facing setting, so to help avoid overwhelming users with many options, this has been demoted from a user option to a variable.

Several new user options for customizing `ffs`'s behaviour

As part of the effort to bring ffs more in line with the conventions of other existing Emacs packages, the mechanisms for toggling various parts of Emacs's interface to minimize visual clutter were changed from being minor modes to being customizable user options. These are the replacement new user options, with a default value of nil:

ffs-hide-cursor
ffs-hide-mode-line
ffs-hide-header-line

Their value is buffer-local, and may be set globally using setq-default. See the sample configuration in the manual for an example of how to customize them.

The new ffs-page-delimiter user option defines the page delimiter inserted by ffs-edit-done when inserting a new slide. Emacs's page-delimiter regexp should be able to match ffs-page-delimiter's value, so if you use a custom page-delimiter be sure to customize ffs-page-delimiter accordingly.

The new ffs-echo-progress user option controls whether to display in echo area the progress through the slides. When non-nil, changing slides will also display the progress through the slides in the echo area. The format of the displayed progress can be customized using the new ffs-echo-progress-format user option.

The new ffs-edit-display-buffer-alist user option may be used to control the Window configuration for the ffs-edit buffer. By default, it will display the ffs-edit buffer in the same window.

The new ffs-edit-done-hook user option may be used to define hooks to be run at the end of ffs-edit-done after returning to the main ffs presentation buffer.

Lastly, a new ffs-find-speaker-notes-function variable was added to allow customizing the find function used for opening the speaker's notes file, defaulting to find-file-other-frame.

Version 0.1.0 on 2022-05-19

Initial publication of ffs.el as part of my personal configurations for GNU Emacs.

My first attempt at this concept was a now-archived ffsanim.el, a major mode implementation that used Emacs's animate library to animate slide texts onto the screen. Shortly after realizing the shortcomings of that approach, I abandoned it in favour a minor mode implementation and published version 0.1.0 of what is now ffs in my personal configs repository.

I used this implementation for presenting my LibrePlanet 2022 talk, The Net beyond the Web.

I picked "ffs" as the package name, the acronym for form feed slides.

Planet Debian
Amin Bandali: FFS code review and Emacs extensibility with Protesilaos 15 Mei 2026 om 04:55

Amin Bandali: FFS code review and Emacs extensibility with Protesilaos

Planet Debian

15 Mei 2026 om 04:55

In the recent weeks I've been engaging Prot as an Emacs coach to help with doing review passes over my upcoming ffs package as I work on polishing and documenting it in preparation for offering it for inclusion in GNU ELPA.

UPDATE 2026-05-15 08:50:10 -0400: Prot also published an article about our session on his website: https://protesilaos.com/codelog/2026-05-15-emacs-amin-bandali-ffs-display-buffer-org-capture/

Today we had our third session where we started by reviewing and talking about my recent changes to ffs, then ventured to other Emacs-related topics with the overarching theme of the flexibility and extensibility of GNU Emacs, including display-buffer-alist, keyboard macros, defining a custom ox-bhtml Org export backend derived from Org's ox-html for ultimate flexibility when exporting my site's pages from Org to HTML, Org capture, plain text files and Emacs's diary and how it compares to org-agenda, and keeping a journal with the help of Emacs.

Here is the video recording of our session, which I share with Prot's permission:

You can view or download the full-resolution video from the Internet Archive.

Lastly, here is the snippet Prot shared for having Isearch treat space as a wildcard, helpful for more easily matching multiple parts of a line:

(setq search-whitespace-regexp ".*?")
(setq isearch-lax-whitespace t)
(setq isearch-regexp-lax-whitespace nil)

Take care, and so long for now.

Planet Debian
Amin Bandali: FFS code review with Protesilaos 8 Mei 2026 om 04:10

Amin Bandali: FFS code review with Protesilaos

Planet Debian

8 Mei 2026 om 04:10

In the recent weeks I've been engaging Prot as an Emacs coach to help with doing review passes over my upcoming ffs package as I work on polishing and documenting it in preparation for offering it for inclusion in GNU ELPA.

Yesterday we had our second session focused on ffs, which I recorded and share publicly with everyone with Prot's permission, so that others can also benefit from Prot's insights and experience as we discuss various aspects of Emacs package development with the concrete example of ffs.

Here is the video recording of our session:

You can view or download the full-resolution video from the Internet Archive.

I addressed most of Prot's feedback about ffs from our first session, and I'll be working on the changes we discussed in this session in the next days.

In the last third of the video we switched topics to discuss a few Emacs-related tangents including adding a 'padding' effect for the mode line and its constructs, and distilling and separating the easily-reusable package-like parts of one's Emacs configuration from the actual configuration of those parts (e.g. the distinction of prot-lisp and prot-emacs-modules in Prot's Emacs configuration).

For mode line padding, here is the snippet I'm using with Prot's doric-themes:

(doric-themes-with-colors
  (custom-set-faces
   `(mode-line
     ((t :box (:line-width 6 :color ,bg-shadow-intense))))
   `(mode-line-inactive
     ((t :box (:line-width 6 :color ,bg-shadow-subtle))))
   `(mode-line-highlight
     ((t :box (:color ,bg-shadow-intense))))))

Take care, and so long for now.

Planet Debian
Amin Bandali: Emacs Chat with Sacha Chua 6 Mei 2026 om 01:43

Amin Bandali: Emacs Chat with Sacha Chua

Planet Debian

6 Mei 2026 om 01:43

Yesterday I joined Sacha Chua for a new episode of her Emacs Chat podcast, where we talked about Emacs and life. I gave a quick tour of my Emacs configuration, discussing at length my configurations for EXWM (Emacs X Window Manager) among other topics like Emacs's facility for visually indicating buffer boundaries in the fringe by setting indicate-buffer-boundaries and my convenience configuration macros.

The above video is provided with closed captions and the below transcript courtesy of Sacha with minor fixes and formatting by me. I've included some of Sacha's screenshots from our chat, you can see the rest on the episode's page on Sacha's blog.

A few links from our chat:

It was a lot of fun - thanks again for having me, Sacha!

Take care, and so long for now.

Transcript

For the full transcript please see: https://kelar.org/~bandali/gnu/emacs/emacs-chat-202605.html

Bitfocus Companion
Bitfocus Companion v4.3.4 31 Mei 2026 om 15:05

Bitfocus Companion v4.3.4

Bitfocus Companion

Door: Julusian

31 Mei 2026 om 15:05

📦 Downloads available at

https://user.bitfocus.io/download

💵 Donate to the project at

open collective https://opencollective.com/companion

Companion v4.3.4 - Release Notes

🐞 BUG FIXES

excessive sorting of entities in add modal
References to local variables in module actions/feedbacks not being invalidated when control is moved #4192
use module manifest name field from newer modules #4121
respect isVisibleExpression for remote surface config fields #4188
grid size grow prompt for surfaces not dismissing
importing pagenum buttons show broken page number
update elgato-stream-deck surface module
run yarn build for dev modules in docker #4177