docs: auto light/dark mode in user guide

[Djaytan]

No description provided.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Overview

Image reference	djaytan/papermc-server:1.21.4	djaytan/papermc-server:test
- digest	8b3f6e2bafca	1e5822f149c5
- tag	1.21.4	test
- stream	latest
- provenance	4942fab
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	133 MB	143 MB (+10 MB)
- packages	171	178 (+7)
Base Image	alpine:3.22.0 also known as: • 3 • 3.22 • latest	alpine:3 also known as: • 3.22 • 3.22.0 • latest
- vulnerabilities

Policies (0 improved, 1 worsened, 3 missing data)

Policy Name	djaytan/papermc-server:1.21.4	djaytan/papermc-server:test	Change	Standing
No unapproved base images	✅	❓ No data
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	✅	✅		No Change
No fixable critical or high vulnerabilities	⚠️ 5	⚠️ 5		No Change
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	✅	❓ No data
SonarQube quality gates passed	❓ No data	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (9 package changes and 0 vulnerability changes)

• ➕ 8 packages added
• ➖ 1 packages removed
• 165 packages unchanged

Changes for packages of type apk (7 changes)

	Package	Version djaytan/papermc-server:1.21.4	Version djaytan/papermc-server:test
➕	alpine-base		3.22.0-r0
➕	ca-certificates		20241121-r2
➕	gcc		14.2.0-r6
➕	ncurses		6.5_p20250503-r0
➕	openssl		3.5.0-r0
➕	pax-utils		1.3.8-r1
➕	xz		5.8.1-r0

Changes for packages of type generic (2 changes)

	Package	Version djaytan/papermc-server:1.21.4	Version djaytan/papermc-server:test
➖	openjdk	21.0.7
➕	openjdk		21.0.7

[github-actions]

🔍 Vulnerabilities of djaytan/papermc-server:test

📦 Image Reference djaytan/papermc-server:test

digest	sha256:1e5822f149c5ac9422a4e6c22a2c1fe5a7c6eb40257615e5cd2e7affe0e404f6
vulnerabilities
platform	linux/amd64
size	143 MB
packages	178

📦 Base Image alpine:3

also known as	3.22 3.22.0 latest
digest	sha256:08001109a7d679fe33b04fa51d681bd40b975d8f5cea8c3ef6c0eccb6a7338ce
vulnerabilities

org.apache.commons/commons-compress 1.5 (maven) pkg:maven/org.apache.commons/[email protected] Improper Handling of Length Parameter Inconsistency Affected range <1.21 Fixed version 1.21 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.279% EPSS Percentile 51st percentile Description When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. Improper Handling of Length Parameter Inconsistency Affected range <1.21 Fixed version 1.21 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.365% EPSS Percentile 58th percentile Description When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. Improper Handling of Length Parameter Inconsistency Affected range <1.21 Fixed version 1.21 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.361% EPSS Percentile 57th percentile Description When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Excessive Iteration Affected range <1.21 Fixed version 1.21 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.139% EPSS Percentile 35th percentile Description When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Loop with Unreachable Exit Condition ('Infinite Loop') Affected range >=1.3 <1.26.0 Fixed version 1.26.0 CVSS Score 5.9 CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H EPSS Score 0.012% EPSS Percentile 1st percentile Description Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

com.google.protobuf/protobuf-java 4.26.1 (maven) pkg:maven/com.google.protobuf/[email protected] Improper Input Validation Affected range >=4.0.0.rc.1 <4.27.5 Fixed version 4.27.5 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N EPSS Score 0.189% EPSS Percentile 41st percentile Description Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team [email protected] Affected versions: This issue affects all versions of both the Java full and lite Protobuf runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the Java Protobuf runtime. Severity CVE-2024-7254 High CVSS4.0 Score 8.7 (NOTE: there may be a delay in publication) This is a potential Denial of Service. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. Proof of Concept For reproduction details, please refer to the unit tests (Protobuf Java LiteTest and CodedInputStreamTest) that identify the specific inputs that exercise this parsing weakness. Remediation and Mitigation We have been working diligently to address this issue and have released a mitigation that is available now. Please update to the latest available versions of the following packages: protobuf-java (3.25.5, 4.27.5, 4.28.2) protobuf-javalite (3.25.5, 4.27.5, 4.28.2) protobuf-kotlin (3.25.5, 4.27.5, 4.28.2) protobuf-kotlin-lite (3.25.5, 4.27.5, 4.28.2) com-protobuf [JRuby gem only] (3.25.5, 4.27.5, 4.28.2)

golang.org/x/net 0.34.0 (golang) pkg:golang/golang.org/x/[email protected] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected range <0.38.0 Fixed version 0.38.0 CVSS Score 5.3 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N EPSS Score 0.024% EPSS Percentile 5th percentile Description The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts). Misinterpretation of Input Affected range <0.36.0 Fixed version 0.36.0 CVSS Score 4.4 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L EPSS Score 0.012% EPSS Percentile 1st percentile Description Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

[github-actions]

🎉 This PR is included in version 2.11.4 🎉

The release is available on:

• v2.11.4
• GitHub release

Your semantic-release bot 📦🚀