SUSE Package Hub - openSUSE-2026-135

Update Info

openSUSE-2026-135

Security update for kubo

Type: security
Severity: moderate
Issued: 2026-04-19
Description:
This update for kubo fixes the following issues:

- Update to 0.40.1
  * IPIP-499: UnixFS CID Profiles
  * Automatic cleanup of interrupted imports
  * Light clients can now use your node for delegated routing
  * See total size when pinning
  * IPIP-523: ?format= takes precedence over Accept header
  * IPIP-524: Gateway codec conversion disabled by default
  * More reliable IPNS over PubSub
  * New ipfs diag datastore commands
  * New ipfs swarm addrs autonat command
  * Improved ipfs p2p tunnels with foreground mode
  * Friendlier ipfs dag stat output
  * ipfs key improvements
  * More reliable content providing after startup
  * No unnecessary DNS lookups for AutoTLS addresses
  * Configurable gateway request duration limit
  * Recovery from corrupted MFS root
  * RPC Content-Type headers for binary responses
  * New ipfs name get|put commands
  * Long listing format for ipfs ls
  * WebUI Improvements
  * Fixed Prometheus metrics bloat on popular subdomain gateways
  * libp2p announces all interface addresses
  * Badger v1 datastore slated for removal this year
  * Go 1.26
  * Dependency updates
    - github.com/ipld/go-ipld-prime v0.22.0 (boo#1261818, CVE-2026-35480)

- Update to 0.39.0
  * Made DHT Sweep provider the default
  * Fast root CID providing for immediate content discovery
  * Persist provider state across restarts
  * Detailed statistics with ipfs provide stat
  * Add warnings about slow reprovide
  * Rename: provider_provides_total
  * Automatic UPnP recovery after router restarts
  * No longer publish deprecated go-ipfs name
  * Limit for gateway range request for CDN compatibility
    - golang.org/x/net v0.47.0 (boo#1251613, CVE-2025-58190, boo#1251419, CVE-2025-47911)
    - golang.org/x/crypto v0.45.0 (boo#1253857, CVE-2025-58181)
- 0.38.0
  * Repository migration: simplified provide configuration
  * Add Experimental Sweeping DHT Provider
  * Expose DHT metrics
  * Improve gateway error pages with diagnostic tools
  * Update WebUI
  * Pin name improvements
  * Enforce identity CID size and ipfs files write fixes
  * Provide Filestore and Urlstore blocks on write
  * Limit MFS operation for --flush=false

- Bump golang build requirement to 1.25
- Update to 0.37.0:
  * Anonymous telemetry for better feature prioritization
  * Repository migration from v16 to v17 with embedded tooling
  * Gateway concurrent request limits and retrieval timeouts
  * AutoConf: Complete control over network defaults
  * Clear provide queue when reprovide strategy changes
  * Revamped ipfs log level command
  * Named pins in ipfs add command
  * New IPNS publishing options
  * Custom sequence numbers in ipfs name publish
  * Reprovider.Strategy is now consistently respected
  * Reprovider.Strategy=all: improved memory efficiency
  * Removed unnecessary dependencies
  * Improved ipfs cid
  * Deprecated ipfs stats reprovide
  * AutoRelay now uses all connected peers for relay discovery
  * Full changelog at
    https://github.com/ipfs/kubo/releases/tag/v0.37.0

- Update to 0.36.0:
  * Full changelog at https://github.com/ipfs/kubo/releases/tag/v0.36.0
  * HTTP Retrieval Client Now Enabled by Default
  * Bitswap Broadcast Reduction
  * Update go-log to v2
  * Kubo now uses AutoNATv2 as a client
  * Overwrite option for files cp command
  * Gateway now supports negative HTTP Range requests
  * Option for filestore command to remove bad blocks
  * ConnMgr.SilencePeriod configuration setting exposed
  * Fix handling of EDITOR env var
  * Dependency updates
References

Packages

kubo-0.40.1-bp157.2.9.1