OBS 2.6.9 released ================== This release fixes two important CVEs in OBS related dependencies (rails, actionview, actionpack). The related CVEs are stated in the Release Notes. For more information, please see this blog article from the official rails website: http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have... OBS 2.5 and 2.4 are also affected, but not yet fixed. Updaters from any OBS 2.6 release can just ugrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file. OBS update are available from the following projects: https://build.opensuse.org/project/show/OBS:Server:2.6 The appliance can be downloaded from http://openbuildservice.org/download Details from the Release Notes of 2.6.8: ======================================== Feature backports: ================== * none Changes: ======== * none Bugfixes: ========= * [webui] Update rails to version 4.1.14.2 to fix several security issues (CVE-2016-2097, CVE-2016-2098) * [webui] Fixes repositories tab that does not show additional repositories * [backend] Finally fix local building inside a project on a remote OBS instance -- -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org