We just released OBS 2.1.1 maintenance und security fix release. Users of OBS 2.1.0 should update ASAP due to a critical security issue. OBS 2.0 and before is not affected by this. Apart from this we have also a number of bugfixes, find details below. Special thanks go to Vivian Zhang from Intel and David Greaves for their contributions to this release. It got released to the ususal places: Appliance: http://en.opensuse.org/openSUSE:Build_Service_Appliance Packages: http://download.opensuse.org/repositories/openSUSE:/Tools/ Git: http://www.gitorious.org/opensuse/build-service/commits/2.1 Changes: ======== * Default build target list got updated * Support for filtering user base when using LDAP database for authentification * LDAP support enforces the usage of SSL for authentification now for security reasons Bugfixes: ========= * api got fixes which allowed a cross side scripting attack to change a users password, if he is logged in and clicked on a crafted URL elsewhere. (Affected only OBS 2.1.0) * api handles request state "revoked" also as final state now * webui received multiple layout fixes and improvements esp. when handling sources. * webui is CC'ng now all bugowners if multiple are defined (#513167) * source service daemon has been fixed to support long running processes * worker code download is honoring proxy settings now (#630994) -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org