Mailinglist Archive: opensuse-buildservice (96 mails)

[opensuse-buildservice] Open Build Service (OBS) 2.6.6 released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OBS 2.6.6 released
==================

This release is fixing a cross-site scripting security issue, tracked
in https://github.com/openSUSE/open-build-service/issues/1218

The issue exists in the WebUI component and can be used to steal
sessions, to gain access to projects as another user for instance.

Updaters from any OBS 2.6 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

Updated OBS packages are available from

https://build.opensuse.org/project/show/OBS:Server:2.6

The appliance can be downloaded from

http://openbuildservice.org/download


Details from the Release Notes of 2.6.6:
========================================

Feature backports:
==================

* none

Changes:
========

* Keep enforce_project_keys/forceprojectkeys in sync

Bugfixes:
=========

* webui: fix XSS attack vector via project.title


Henne

- --
Henne Vogelsang
http://www.opensuse.org
Everybody has a plan, until they get hit.
- Mike Tyson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYdM+EACgkQnWFkwpVfreCSAgCfeQTWloYu10apH3bOPg5K9ZFI
+UwAn0iR4qWKzy2122cuEdO/rUmljlqb
=Cpsq
-----END PGP SIGNATURE-----