Fedora 37 Planning To Use RPM 4.18 For Better Security
Fedora 37 is looking to make use of the upcoming RPM 4.18 release of the RPM Package Manager. What makes RPM 4.18 a bit more notable than most releases is that it addresses "a whole class of symlink handling related security issues", some of which have CVEs going back to last year.
Besides beefing up security, RPM 4.18 has more robust and secure --restore functionality, a new interactive shell for working with embedded macros and embedded Lua, a new rpmuncompress CLI tool for unpacking multiple sources, various macro improvements, and other fixes and security improvements.
Downloads and more details on the plans for using RPM 4.18 with Fedora 37 can be found via the Fedora Wiki. More information on this forthcoming RPM Package Manager update is available via RPM.org.