Hello! We released a set of security patches for Uyuni 2024.10 Server and Proxy that provide the following fixes: * CVE-2024-22037: Database password leaked by systemd uyuni-server-attestation service (bsc#1231497) * CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332) * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) * CVE-2024-49502: Validate proxy hostname format and escape proxy username to mitigate XSS vulnerabilities (bsc#1231852) * CVE-2024-49503: Escape organization credentials username to mitigate XSS vulnerability (bsc#1231922) * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568) * Limit frontend-log message size (bsc#1231900) You can apply the patch at the Uyuni Server and Proxy by following the instructions at: https://www.uyuni-project.org/pages/patches.html Happy hacking and have a lot of fun! Raùl & Marina -- Marina Latini Release Engineer SUSE Software Solutions Germany GmbH Frankenstr. 146, 90461 Nuernberg Germany www.suse.com Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg) #ThePowerOfMany #DareToBeDifferent #HaveALotOfFun