Dear Uyuni users,
With regard to the latest publication of the Log4Shell vulnerability
[1], we can announce that as to our current knowledge Uyuni
installations are not affected.
Log4j is used in Uyuni, but we are shipping version 1.2.17 (from
openSUSE Leap 15.3) which apparently is showing that specific problem
only when it is configured to use JMSAppender [2]. This is not the case
in Uyuni as long as the log4j configuration has not manually been
changed to use it. A general fix for the 1.2.17 package is currently
being worked on and should become available soon.
Best regards,
Johannes Renner
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228
[2] https://access.redhat.com/security/cve/CVE-2021-4104
--
Johannes Renner - Engineering Manager, SUSE Manager; R&D
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg
Germany
(HRB 36809, AG Nürnberg)
Managing Director: Ivo Totev
We are happy to announce the immediate availability of Uyuni 2021.12
At https://www.uyuni-project.org/pages/stable-version.html you will find all
the resources you need to start working with Uyuni 2021.12, including the
release notes, documentation, requirements and setup instructions.
VERY IMPORTANT: Read the release notes! If you are updating from an Uyuni
version older than 2021.06, a major upgrade procedure is required.
This is the list of highlights for this release:
* Salt as a Bundle
* aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and related
systems
* System reactivation
* Low Diskspace notification
* Package Locking for Salt Minions
* Monitoring: Prometheus Blackbox exporter
* Monitoring: Formulas
* Content Lifecycle Management improvement
* New XMLRPC API methods for SaltKey
* New product enabled
* CVE-2021-40348 remediation
* CentOS 8 End of Life
* Future deprecation of the traditional stack
Please check the release notes for full details.
Remember that Uyuni will follow a rolling release planning, so the next
version will contain bugfixes for this one and any new features. There will be
no maintenance of 2021.12
As always, we hope you will enjoy Uyuni 2021.12 and we invite everyone of you
to send us your feedback [1] and of course your patches, if you can
contribute.
Happy hacking!
[1] https://www.uyuni-project.org/pages/contact.html
--
Julio González Gil
Release Engineer, SUSE Manager and Uyuni
jgonzalez(a)suse.com
