List:       opensuse-buildservice
Subject:    Open Build Service (OBS) 2.10.8 released
From:       Saray_Cabrera_Padrón <scabrerapadron () suse ! de>
Date:       2020-12-04 12:17:42
Message-ID: 570419bf-9080-ea51-b7b0-c7604050d679 () suse ! de

OBS 2.10.8 released
==================

This release fixes an XSS security issue, tracked in CVE-2020-8031.

The leak exists in the WebUI comment functionality which can
be misused to inject malicious JavaScript code.

Updaters from any OBS 2.10.7 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS updates are available from the following projects:

https://build.opensuse.org/project/show/OBS:Server:2.10

The appliance can be downloaded from

http://openbuildservice.org/download


Details from the Release Notes of 2.10.8:
========================================

Bugfixes
========

* Frontend:
    - CVE-2020-8031: Potential Cross-Site Scripting in markdown rendering.

-- 
Saray A. Cabrera Padrón | scabrerapadron@suse.de | scabrerapadron@suse.com

Full Stack Web Developer - Open Build Service
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg
Tel: +49-911-74053-0; Fax: +49-911-7417755;  https://www.suse.com/
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Graham Norton, HRB 21284 (AG Nürnberg)