Hello People,

We have just released Open Build Service 2.10.21 which fixes security vulnerabilities. You should update your installations as soon as possible.

## Update of the Base Distributions

We have updated the base distribution of the appliance to Leap 15.5. We also have updated the supported distros to the 2 latest Leap versions / SLES 15 and SLES 12 Service Packs. In other words, the supported distributions are now:

- openSUSE Leap 15.5 x86_64
- openSUSE Leap 15.4 x86_64
- SUSE Linux Enterprise Server 15 Service Pack 5 x86_64
- SUSE Linux Enterprise Server 15 Service Pack 4 x86_64
- SUSE Linux Enterprise Server 12 Service Pack 5 x86_64
- SUSE Linux Enterprise Server 12 Service Pack 4 x86_64

If you are running OBS on a previous distribution version, we kindly ask you to update your systems to a supported one.

## Fixed Issues

Frontend:

* Update rack to version 2.2.6.4
  - Fixes CVE-2023-27539 Avoid ReDoS (https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service...) in header parsing.
  - Fixes CVE-2023-27530 Possible DoS Vulnerability in Multipart MIME parsing.

## How to Update

Package updates are available from the 2.10 repositories
https://build.opensuse.org/project/show/OBS:Server:2.10

Fixed appliances can be downloaded from
http://openbuildservice.org/download

Kind regards,
Eduardo Navarro

--
Eduardo Navarro
Senior Full Stack Web Developer
SUSE Software Solutions Germany GmbH
Eduardo.Navarro@suse.com
Frankenstraße 146
90461 Nürnberg
Germany
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
(HRB 36809, AG Nürnberg)
www.suse.com