Compare commits

5 Commits

Author SHA1 Message Date
github-actions[bot] a171668d3f Update CHANGELOG.md 2026-06-08 20:46:16 +00:00
community-scripts-pr-app[bot] b9c115acca Update CHANGELOG.md (#15010)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-08 20:29:01 +00:00
CanbiZ (MickLesk) 3f619e4286 security: Fix HTTP to HTTPS for all package and repository downloads (#15009)
Co-authored-by: Security Fix <security@community-scripts.org>
2026-06-08 22:28:40 +02:00
CanbiZ (MickLesk) 0f37e30f28 security: Fix MITM RCE vulnerability in microcode scripts (CVE) (#15007)
Co-authored-by: Security Fix <security@community-scripts.org>
2026-06-08 22:28:17 +02:00
Security Fix 34243ff62f security: Fix HTTP to HTTPS for package downloads (container-level)
- install/deconz-install.sh: Switch GPG key and repository URLs to HTTPS
- install/deconz-install.sh: Switch libssl1.1 .deb download to HTTPS with --proto flag
- install/odoo-install.sh: Switch python3-lxml-html-clean .deb download to HTTPS
- ct/odoo.sh: Switch python3-lxml-html-clean .deb download to HTTPS in update_script

Changes:
  - All http:// → https:// for package/key downloads
  - Added --proto '=https' to prevent protocol downgrade
  - Improved quoting for file variables

Impact: Prevents MITM attacks on container installations
Affected containers: deconz, odoo
Related to: security/fix-microcode-https PR (host-level fix)
2026-06-08 21:20:24 +02:00
3 changed files with 9 additions and 2 deletions
+7
@@ -486,6 +486,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
- #### 🐞 Bug Fixes
- security: Fix HTTP to HTTPS for all package and repository downloads [@MickLesk](https://github.com/MickLesk) ([#15009](https://github.com/community-scripts/ProxmoxVE/pull/15009))
- homelable: preserve MCP server config across updates [@ferr079](https://github.com/ferr079) ([#14996](https://github.com/community-scripts/ProxmoxVE/pull/14996))
- changedetection: migrate Python install to uv venv [@ferr079](https://github.com/ferr079) ([#14995](https://github.com/community-scripts/ProxmoxVE/pull/14995))
@@ -493,6 +494,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
- Update Flowwiseai to node 24 [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14999](https://github.com/community-scripts/ProxmoxVE/pull/14999))
### 🧰 Tools
- #### 🐞 Bug Fixes
- security: Fix MITM RCE vulnerability in microcode scripts (CVE) [@MickLesk](https://github.com/MickLesk) ([#15007](https://github.com/community-scripts/ProxmoxVE/pull/15007))
## 2026-06-07
### 🚀 Updated Scripts
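Review bot: The new Tools entry ends its title with a bare "(CVE)" but carries no identifier, so a changelog reader cannot look the issue up or match it to an advisory. If an ID has been assigned, put it in the entry; if none has, drop the tag or link the advisory that describes the issue, since the entry as written promises a reference it does not give.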
+1 -1
@@ -76,7 +76,7 @@ intel() {
}
msg_info "Downloading the Intel Processor Microcode Package $microcode"
curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
msg_ok "Downloaded the Intel Processor Microcode Package $microcode"
msg_info "Installing $microcode (Patience)"
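Review bot: Nothing between the new curl line and the "Installing $microcode" step checks the downloaded file, so the install still trusts whatever bytes the server returned. Pinning HTTPS with --proto '=https' protects the transfer, but a .deb fetched directly with curl does not pass through apt's signed repository metadata, and if the following step installs it with dpkg the package content is never authenticated. Consider comparing the file's SHA256 against a value taken from the signed Packages index, or a hash pinned next to the version list, and aborting on mismatch before the install runs.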
+1 -1
@@ -90,7 +90,7 @@ intel() {
}
msg_info "Downloading Intel processor microcode package $microcode"
curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
msg_ok "Downloaded Intel processor microcode package $microcode"
msg_info "Installing $microcode (this might take a while)"
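Review bot: On the new curl line, -o "$microcode" replaces the old $(basename ...) call, so the output path is now the variable's full value rather than its last path component. The quoting is an improvement, but if $microcode can ever hold a slash the file is written outside the working directory; keeping the basename, quoted, as in -o "$(basename -- "$microcode")", or validating that the value is a plain .deb file name before use, preserves the old guarantee. The same line is changed identically in the other script, so moving the base URL and curl options into one shared helper would keep later hardening from having to be applied twice.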