Hello People,
We have just released Open Build Service 2.10.20, which fixes security vulnerabilities. You should update your installations as soon as possible.
## Fixed Issues
Frontend:

* Update globalid gem from 1.0.0 to 1.0.1
  - Fixes CVE-2023-22799: ReDoS-based DoS vulnerability in the GlobalID gem.
* Update rack gem from 2.2.4 to 2.2.6.2
  - Fixes CVE-2022-44571: Denial of service vulnerability in the Content-Disposition parsing component of Rack.
  - Fixes CVE-2022-44572: Denial of service vulnerability in the multipart parsing component of Rack.
  - Fixes CVE-2022-44570: Possible denial of service vulnerability in the Range header parsing component of Rack.
## How to Update
Package updates are available from the 2.10 repositories:
https://build.opensuse.org/project/show/OBS:Server:2.10

Fixed appliances can be downloaded from:
https://openbuildservice.org/download
Kind regards,
Lukas
--
Lukas Krause, Build Solutions
SUSE Software Solutions Germany GmbH
Maxfeldstrasse 5
90409 Nürnberg
(HRB 36809, AG Nürnberg)
Managing Director: Ivo Totev
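
As an added example (not part of the original announcement and not OBS's own tooling), this Ruby script checks the text of a `Gemfile.lock` against the fixed gem versions listed above. The function names and the sample lockfile are constructed for illustration, and the check assumes the installation is on the rack 2.2 line.

```ruby
require "rubygems" # provides Gem::Version

# Fixed versions as listed in the announcement. Assumption: the installation
# is on the rack 2.2 line, matching the versions quoted above.
FIXED_VERSIONS = { "globalid" => "1.0.1", "rack" => "2.2.6.2" }.freeze

# Constructed sample lockfile: globalid is still at the vulnerable version.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      globalid (1.0.0)
        activesupport (>= 5.0)
      rack (2.2.6.2)
      rack-test (2.0.2)
        rack (>= 1.3)
LOCK

# Resolved gems are the four-space-indented "name (version)" lines under
# "specs:"; six-space lines are dependency constraints and are skipped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, versions|
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    versions[m[1]] = m[2] if m
  end
end

# Returns gem name => :ok, :outdated or :missing for each watched gem.
def audit_lockfile(lock_text, fixed = FIXED_VERSIONS)
  locked = locked_versions(lock_text)
  fixed.each_with_object({}) do |(name, minimum), report|
    found = locked[name]
    report[name] =
      if found.nil? then :missing
      elsif Gem::Version.new(found) >= Gem::Version.new(minimum) then :ok
      else :outdated
      end
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit_lockfile(text).each { |name, status| puts "#{name}: #{status}" }
end
```

Run it with the path to the frontend's `Gemfile.lock` as the only argument; without an argument it audits the constructed sample.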