
List:       opensuse-buildservice
Subject:    [opensuse-buildservice] OBS 2.10.5 released
From:       Adrian Schröter <adrian () suse ! de>
Date:       2020-05-19 12:45:07
Message-ID: 9595049.0AQdONaE2F () linux-izwb ! site

OBS 2.10.5 released
===================

This release fixes a security issue that is relevant if you rely
on hiding sources in your instance. A package update will be enough
to fix a running instance.

Backend:
 * CVE-2020-8021: unauthorized read access to files where sourceaccess 
                  is disabled via a crafted _service (bsc#1171649)

Shipment:
 * Version numbers of appliances got fixed.


Kudos to Marcus Hüwe who found and fixed the issue.
Thanks a lot!



Fixes from 2.10.4 and 2.10.3 (unannounced)
==========================================

Frontend:
 * CVE-2020-8020: Possible stored XSS attack on comments markdown
 * Support recent MySQL/MariaDB releases

Backend:
 * Fix redis service restart behaviour

Shipment:
 * Support for SLES 15 SP2 as host system

-- 

Adrian Schroeter
email: adrian@suse.de

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) 
 
Maxfeldstraße 5                         
90409 Nürnberg 
Germany 



