Hey, another small bugfix release for 2.10 bringing some dependency updates with security fixes for: CVE-2020-15169: Potential XSS vulnerability in Action View CVE-2020-8184: Percent-encoded cookies can be used to overwrite existing prefixed cookie names GHSA-g6wq-qcwm-j5g2: ReDoS vulnerability in Sec-WebSocket-Extensions parser GHSA-vr8q-g5c7-m54m: Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Package updates are available from the OBS:Server:2.10 repository https://build.opensuse.org/project/show/OBS:Server:2.10 The appliance can be downloaded from http://openbuildservice.org/download Happy (secure) building, Henne, the OBS Team -- Henne Vogelsang http://www.opensuse.org Everybody has a plan, until they get hit. - Mike Tyson