Open Build Service 2.10.17 - openSUSE Build Service

25 Jul 2022


      Hello People,
We have just released Open Build Service 2.10.17 which fixes security 
vulnerabilities. You should update
your installations as soon as possible.
## Fixed Issues
Frontend:
1. Bug fix session leaking during BsRequest auto accept - See 
https://github.com/openSUSE/open-build-service/pull/12821
2. Update rails to 5.2.8.1 - CVE-2022-32224 Possible RCE escalation bug 
with Serialized Columns in Active Record
3. Update tzinfo from 1.2.9 to 1.2.10 - CVE-2022-31163 TZInfo relative 
path traversal vulnerability allows loading of arbitrary file
## How to Update
Package updates are available from the 2.10 repositories
https://build.opensuse.org/project/show/OBS:Server:2.10
Fixed appliances can be downloaded from
http://openbuildservice.org/download
Kind regards,
Lukas
-- 
Lukas Krause, Build Solutions

SUSE Software Solutions Germany GmbH
Maxfeldstrasse 5
90409 Nürnberg

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev