[opensuse-buildservice] Open Build Service(OBS) 2.4.4 released
Open Build Service(OBS) 2.4.4 just got released

Another bugfix release of the 2.4 series is out there.

This release fixes a serious security leak tracked as CVE-2013-3703
and Novell bugzilla 828256:

Users can add or remove other users to projects or packages even when
they have no maintainership there.

All OBS 2.4 admins are requested to update immediately to close this
hole. Instances with OBS 2.3 and before are not affected.

While OBS 2.4.4 only contains the bugfix for this situation, we introduced
a better design in master branch to avoid these kinds of bugs in future.

Besides that, a number of bugfixes for constraints and change detections
in the backend are included in this release.

From the official Release Notes:

Feature backports:

* none


* None


* api: Fix for CVE-2013-3703
* api: Do not hide projects which have an explicit access enabled tag.
* api: handle invalid strings in options.yml for allow_user_to_create_home_project setting
* backend: repository type changes were not caught by the scheduler
* backend: fix project deleting not cleaning up build area in async mode
* backend: hostlabel build constraints had no effect
* backend: constraints defined in project config had no effect
* backend: start more than one worker by default if not using zVM


Adrian Schroeter
email: adrian@xxxxxxx

SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284
(AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
