On Saturday 27 November 2010 23:35:08 Jan-Simon Möller wrote: ...
Adrian will roll new unstable packages shortly.
Packages from openSUSE:Tools:Unstable with version 2.1.66 contain this first snapshot. It contains also a fix for OBS interconnect. The client side support was broken in last weeks "git master" code branch.
Testing and feedback very welcome.
Todo: * add support for Vivian's LDAP group patches * cleanups * remoteprojects need testing * bugfixing
We currently know that there is a leak in the webui. It does cache independend of the user and may grant access or show content of hidden projects to others. Otherwise the protection should be complete, even though there are still some documented broken test cases and also some wanted logic changes. If you have an idea to expose content of an "access" disable project, feel free to try it and to report. And of course, there can't be enough people to review this security relevant code ;) thanks adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org