https://bugzilla.redhat.com/show_bug.cgi?id=2230255
Jitka Plesnikova jplesnik@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Doc Type|---                         |If docs needed, set a value
         Resolution|---                         |NOTABUG
             Status|NEW                         |CLOSED
        Last Closed|                            |2023-08-09 08:52:46

--- Comment #3 from Jitka Plesnikova jplesnik@redhat.com ---
The new dependencies were added for the fix of CVE-2023-31486 in version 0.083.

0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)
[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`. Fixes CVE-2023-31486.
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the old default if required.

perl(IO::Socket::SSL), perl(Mozilla::CA) and perl(Net::SSLeay) were changed from recommends to requires to have SSL support available since `verify_SSL` is true.

I should have updated the dependencies when I updated perl-HTTP-Tiny to 0.084, but I forgot. So that is the reason why I did it now.
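
A check that could be run on a host after this update, as an added example (not code from the bug report or from HTTP::Tiny): it reports whether the installed HTTP::Tiny carries the new `verify_SSL` default, whether the environment variable named in the changelog is set, and whether the three now-required modules load. The function name `audit_http_tiny` and the output wording are this example's own.

```perl
#!/usr/bin/perl
# Added example: report the effective TLS verification posture of the
# installed HTTP::Tiny. Function name and messages are this example's own.
use strict;
use warnings;
use HTTP::Tiny;

my $env_var = 'PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT';  # from the 0.083 changelog
my $fixed   = '0.083';                                   # release that changed the default

# Returns a list of findings; an empty list means nothing needs attention.
sub audit_http_tiny {
    my @findings;

    # UNIVERSAL::VERSION dies when the installed version is lower than asked.
    push @findings, 'HTTP::Tiny ' . HTTP::Tiny->VERSION . " predates $fixed"
        unless eval { HTTP::Tiny->VERSION($fixed); 1 };

    # The opt-out restores verify_SSL => 0 for every client in this process.
    push @findings, "$env_var is set: old default restored"
        if $ENV{$env_var};

    # Effective default as seen by a client built with no arguments.
    my $http = HTTP::Tiny->new;
    push @findings, 'a default client has verify_SSL off'
        unless $http->verify_SSL;

    # The modules the package moved from Recommends to Requires.
    for my $mod (qw(IO::Socket::SSL Net::SSLeay Mozilla::CA)) {
        push @findings, "$mod cannot be loaded"
            unless eval "require $mod; 1";
    }

    # can_ssl in list context returns a flag and the reasons for failure.
    my ($ok, $why) = $http->can_ssl;
    push @findings, "can_ssl reports no usable TLS: $why" unless $ok;

    return @findings;
}

my @findings = audit_http_tiny();
if (@findings) {
    print "FINDING: $_\n" for @findings;
    exit 1;
}
print "OK: certificate verification is on by default and TLS modules load\n";
```

The non-zero exit status makes the script usable as a post-update check in configuration management.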