@mattleibow

Summary

Update brotli from v1.0.9 to v1.2.0 to fix CVE-2025-6176.

Security

CVE-2025-6176 (HIGH 7.5): Denial of Service via decompression bomb. Specially crafted Brotli-compressed data can decompress to enormous sizes, exhausting memory.

Changes

  • Updated externals/skia submodule to mono/skia@9041d954a1
  • Updated cgmanifest.json with brotli 1.2.0

Testing

  • macOS arm64 build: ✅ Passed
  • Console tests: ✅ 5340 passed

Required skia PR

mono/skia#165
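
An added example, not part of the PR or the project's code: a check that a component manifest registers brotli at or above the 1.2.0 floor named in the description. The manifest shape (`Registrations` holding `other` components with `name` and `version`), the sample entries, and the function names `parse_version` and `audit_brotli` are assumptions made for illustration.

```python
import json
import re

FIXED_FLOOR = (1, 2, 0)  # brotli version this PR moves to

# Constructed manifest; the "other" component shape is an assumption about the file.
SAMPLE_MANIFEST = """
{
  "Version": 1,
  "Registrations": [
    {"component": {"type": "other",
                   "other": {"name": "brotli", "version": "v1.0.9"}}},
    {"component": {"type": "other",
                   "other": {"name": "zlib", "version": "1.3.1"}}}
  ]
}
"""

def parse_version(text):
    """Parse 'v1.2.0' or '1.2.0' into an int tuple; None if it is not x.y.z."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", str(text).strip())
    return tuple(int(part) for part in match.groups()) if match else None

def audit_brotli(manifest_text, floor=FIXED_FLOOR):
    """Return (status, versions): ok, outdated, unparseable or missing."""
    registrations = json.loads(manifest_text).get("Registrations", [])
    versions = []
    for entry in registrations:
        component = entry.get("component", {})
        other = component.get("other")
        if component.get("type") != "other" or not isinstance(other, dict):
            continue
        if str(other.get("name", "")).lower() == "brotli":
            versions.append(other.get("version", ""))
    if not versions:
        return "missing", versions          # no registration: cannot confirm the fix
    parsed = [parse_version(v) for v in versions]
    if any(p is None for p in parsed):
        return "unparseable", versions      # fail closed on odd version strings
    if any(p < floor for p in parsed):
        return "outdated", versions         # at least one copy predates the fix
    return "ok", versions

if __name__ == "__main__":
    print(audit_brotli(SAMPLE_MANIFEST))
```
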

@github-actions

Triage Summary

The label os/macOS will be applied indicating that the issue is relevant to macOS.

This issue is not a regression as it primarily concerns updating a library for security reasons rather than introducing new problems.

Additional remarks:

  • The issue involves updating the Brotli library but does not have appropriate labels for build or related libraries.
  • There are no specific labels available that reflect the issue's focus on the Brotli update.

Detailed Summary and Actions

Summary of the triage:

  • The issue is related to an update of the Brotli library.
  • The label os/macOS will be applied because the issue mentions successful tests on macOS arm64.
  • There are no other relevant labels available for this issue, as it does not fit into the categories of build, documentation, or other specific libraries indicated.

Summary of the actions that will be performed:

| Action | Item | Description |
|---|---|---|
| Apply Label | os/macOS | The issue mentions successful tests on macOS arm64, indicating it is relevant to macOS. |

This entire triage process was automated by AI and mistakes may have been made. Please let us know so we can continue to improve.

Fixes CVE-2025-6176 (HIGH 7.5) - DoS via decompression bomb.

Changes:
- Updated externals/skia submodule with brotli 1.2.0
- Updated cgmanifest.json

@mattleibow merged commit 5bad8de into main Jan 29, 2026
2 checks passed
@mattleibow deleted the dev/update-brotli branch January 29, 2026 00:37
@mattleibow added the copilot (Created by GitHub Copilot) label Feb 2, 2026