OBS 2.9.5 released ================== This release is fixing in first place an issue with creating requests with IDs, tracked in bnc#1108435 and CVE-2018-12479. The issue exists in the API request creation functionality which can be misused to DOS creating new requests. Updaters from any OBS 2.9 release can just ugrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file. OBS update are available from the following projects: https://build.opensuse.org/project/show/OBS:Server:2.9 The appliance can be downloaded from http://openbuildservice.org/download Details from the Release Notes of 2.9.5: ======================================== Bugfixes ======== Frontend: * Do not allow null characters in comments * Prevent creation of a request with an ID attribute Backend: * avoid wipebinaries in locked projects * fixes for new genmeta scheduling strategy * fixed usage of preinstallimages Features ======== Backend: * obs_admin can trigger DoD repository meta data updates via --recheck-dod option Have a lot of fun with the release, Henne -- Henne Vogelsang http://www.opensuse.org Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org