OBS 2.9.6 released ================ This is a security and bugfix release. It's applying fixes related to permissions and authorizations and a patch for a Rails security update, that was assigned with the CVE identifier CVE-2019-5419. Updaters from any OBS 2.9 release can upgrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file. OBS update is available from the following project: https://build.opensuse.org/project/show/OBS:Server:2.9 The appliance can be downloaded from: http://openbuildservice.org/download Details from the Release Notes of 2.9.6: ================================ Bugfixes ======== Frontend: * Rails security update was patched (CVE-2019-5419). * Added upper-limit to range to avoid long running queries in Webui::MonitorController. * In WebUI, only admins are allowed to create DoD repositories. * In WebUI, only admins are allowed to create sourceaccess/access repositories flags. * Added missing authorization to move repository path in Webui::ProjectController. * Require sourceaccess by default in `require_package`. Regards, David -- David Dionisio Kang -dkang@suse.de |dkang@suse.com BuildService Engineer SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg Tel: +49-911-74053-0; Fax: +49-911-7417755;https://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- David Dionisio Kang - dkang@suse.de | dkang@suse.com BuildService Engineer SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg Tel: +49-911-74053-0; Fax: +49-911-7417755; https://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)