Mailinglist Archive: opensuse-buildservice (70 mails)

< Previous Next >
[opensuse-buildservice] Open Build Service 2.9.4 released​
OBS 2.9.4 released
==================

We're happy to announce the release of Open Build Service Version 2.9.4.

This release includes 2 security fixes and we recommend to update your OBS instance as soon as possible.
Please check out the release notes for further details or contact us.

Once again a big thank you goes to Marcus Hüwe who found the security bugs, provided detailed bug descriptions and patches:-)

If you find security bugs yourself, please report them to security@xxxxxxx.


Install 2.9
=========

Please read our setup instructions

https://github.com/openSUSE/open-build-service/blob/2.9/README.md#installation

or even better, use our appliance

http://download.opensuse.org/repositories/OBS:/Server:/2.9/images/


Update to OBS 2.9
===============

In case you update from a previous OBS stable release please read
the README.UPDATERS file which comes with this version.

https://github.com/openSUSE/open-build-service/blob/2.9/dist/README.UPDATERS

OBS Appliance users who have set up their LVM

http://openbuildservice.org/download/#appliance_config

can just replace their appliance image without data loss. The migration
will happen automatically.


Details from Release Notes
===================

Bugfixes
========

Frontend:
* Fixes permission check for bs requests with source projects that link
to another project (CVE-2018-12466, bsc#1098934)
* Fixes permission check in the InitializeDevelPackage attribute codepath (CVE-2018-12467, bsc#1100217)
* Fix permission check of linked projects in BsRequestAction.check_action_permission
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages