Security PSA: 16 Advisories in HTTP.jl (Please upgrade to 2.4.0)

Keno · June 20, 2026, 2:26am

We are in the process of publishing 16 advisories in HTTP.jl all of them fixed in the just-released HTTP.jl 2.4.0. See the SecurityAdvisories.jl repo (Publish HTTP.jl security advisories - Pull Request #549 - JuliaLang/SecurityAdvisories.jl - GitHub) for details. None of these are particularly major by themselves, but as a set they add up, so we recommend all users upgrade as soon as possible.

These issues were detected by a version of Claude Mythos and disclosed to the Julia Security team by Anthropic’s Coordinated Vulnerability Disclosure team. We thank them for their efforts.

Keno · June 20, 2026, 2:27am

It’s been requested that I clarify that this is unrelated to the recent CI issues (which we are still in the process of fully resolving and will have a separate writeup once fully complete).

Topic		Replies	Views
[ANN] HTTP.jl 1.0 Release Package Announcements package , announcement , web , http	0	1225	June 19, 2022
Julia security advisories New to Julia	23	5958	December 15, 2021
Security Advisory: HTTP.jl, URIs.jl, Registrator.jl, GitForge.jl, and GitHub.jl General Usage security	2	413	June 26, 2025
Julia HTTP not working New to Julia http	3	794	August 24, 2021
[ANN] HTTP.jl 2.0 release and new package Reseau.jl Package Announcements web	17	1488	June 5, 2026

Security PSA: 16 Advisories in HTTP.jl (Please upgrade to 2.4.0)

Related topics