[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-buildservice
Subject: [opensuse-buildservice] OBS 2.10.5 released
From: Adrian =?ISO-8859-1?Q?Schr=F6ter?= <adrian () suse ! de>
Date: 2020-05-19 12:45:07
Message-ID: 9595049.0AQdONaE2F () linux-izwb ! site
[Download RAW message or body]
OBS 2.10.5 released
===================
This is fixing a security issue if you rely on hiding sources
in your instance. A package update will be enough to fix
a running instance.
Backend:
* CVE-2020-8021: unauthorized read access to files where sourceacess
is disabled via a crafted _service (bsc#1171649)
Shipment:
* Version numbers of appliances got fixed.
Kudos to Marcus Hüwe who found and fixed the issue.
Thanks a lot!
Fixes from 2.10.4 and 2.10.3 (unanounced)
=========================================
Frontend:
* CVE-2020-8020: Possible stored XSS attack on comments markdown
* Support recent MySQL/MariaDB releases
Backend:
* Fix redis service restart behaviour
Shipment:
* Support for SLES 15 SP2 as host system
--
Adrian Schroeter
email: adrian@suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic