Hello People,

We have just released Open Build Service 2.10.15 which fixes two security vulnerabilities. You should update your installations as soon as possible.

## Fixed Issues

1. Fix CVE-2022-22577: There is a possible XSS vulnerability in Rails / Action Pack. CSP headers were only sent along with responses that Rails considered as "HTML" responses. This left API requests without CSP headers, which could possibly expose users to XSS attacks.
   https://github.com/advisories/GHSA-mm33-5vfq-3mm3

2. Fix CVE-2022-27777: There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability.
   https://github.com/advisories/GHSA-ch3h-j2vf-95pv

## How to Update

Package updates are available from the 2.10 repositories
https://build.opensuse.org/project/show/OBS:Server:2.10

Fixed appliances can be downloaded from
http://openbuildservice.org/download

Regards,
Lukas

--
Lukas Krause, Build Solutions
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev