OBS 2.9.5 released ==================
This release is fixing in first place an issue with creating requests with IDs, tracked in bnc#1108435 and CVE-2018-12479.
The issue exists in the API request creation functionality which can be misused to DOS creating new requests.
Updaters from any OBS 2.9 release can just ugrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file.
OBS update are available from the following projects:
The appliance can be downloaded from
Details from the Release Notes of 2.9.5: ========================================
Frontend: * Do not allow null characters in comments * Prevent creation of a request with an ID attribute
Backend: * avoid wipebinaries in locked projects * fixes for new genmeta scheduling strategy * fixed usage of preinstallimages
Backend: * obs_admin can trigger DoD repository meta data updates via --recheck-dod option
Have a lot of fun with the release,