Hello People,


We have just released Open Build Service 2.10.20 which fixes security vulnerabilities. You should update your installations as soon as possible.


## Fixed Issues

Frontend:

 * Update globalid gem from 1.0.0 to 1.0.1
   - Fixes CVE-2023-22799 ReDoS based DoS vulnerability in the GlobalID gem
 * Update rack gem from 2.2.4 to 2.2.6.2
   - Fixes CVE-2022-44571 Denial of service vulnerability in the Content-Disposition parsing
     component of Rack.
   - Fixes CVE-2022-44572 Denial of service vulnerability in the multipart parsing component
     of Rack.
   - Fixes CVE-2022-44570 Possible denial of service vulnerability in the Range header
     parsing component of Rack.


## How to Update

Package updates are available from the 2.10 repositories

https://build.opensuse.org/project/show/OBS:Server:2.10

Fixed appliances can be downloaded from

https://openbuildservice.org/download


Kind regards,

Lukas

-- 
Lukas Krause, Build Solutions

SUSE Software Solutions Germany GmbH
Maxfeldstrasse 5
90409 Nürnberg

(HRB 36809, AG Nürnberg)
Managing Director: Ivo Totev
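
To confirm that an updated frontend actually resolves the fixed gem versions listed under "Fixed Issues", the following added example (not part of the original announcement or of the OBS code base) audits a Bundler `Gemfile.lock`. It assumes the standard Bundler lockfile layout; the lockfile path is passed by the operator, and the embedded sample lockfile is constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Minimum fixed versions, taken from the announcement.
FIXED = {
  "globalid" => Gem::Version.new("1.0.1"),
  "rack"     => Gem::Version.new("2.2.6.2"),
}.freeze

# Constructed sample lockfile (not taken from a real OBS installation).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      globalid (1.0.0)
        activesupport (>= 5.0)
      rack (2.2.6.2)
      rake (13.0.6)

  PLATFORMS
    ruby
LOCK

# Resolved gems are the 4-space-indented "name (version)" lines; the deeper
# indented dependency constraints and any "-platform" suffix are ignored.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, acc|
    m = line.match(/\A {4}(\S+) \((\d[0-9A-Za-z.]*)(?:-[^)]+)?\)\s*\z/)
    acc[m[1]] = Gem::Version.new(m[2]) if m
  end
end

# Map each gem named in FIXED to [:ok | :outdated | :missing, locked version].
def audit(lock_text)
  locked = locked_versions(lock_text)
  FIXED.to_h do |name, min|
    have = locked[name]
    status = have.nil? ? :missing : (have >= min ? :ok : :outdated)
    [name, [status, have]]
  end
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  audit(text).each do |name, (status, have)|
    puts format("%-9s %-8s locked=%s fixed>=%s", name, status, have || "-", FIXED[name])
  end
end
```

Run it with the path to the frontend's `Gemfile.lock` as the only argument; without an argument it audits the constructed sample.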