Open Build Service 2.10.20 released
Hello People, We have just released Open Build Service 2.10.20 which fixes security vulnerabilities. You should update your installations as soon as possible. ## Fixed Issues Frontend: * Update globalid gem from 1.0.0 to 1.0.1 - Fixes CVE-2023-22799 ReDoS based DoS vulnerability in the GlobalID gem * Update rack gem from 2.2.4 to 2.2.6.2 - Fixes CVE-2022-44571 Denial of service vulnerability in the Content-Disposition parsing component of Rack. - Fixes CVE-2022-44572 Denial of service vulnerability in the multipart parsing component of Rack. - Fixes CVE-2022-44570 Possible denial of service vulnerability in the Range header parsing component of Rack. ## How to Update Package updates are available from the 2.10 repositories https://build.opensuse.org/project/show/OBS:Server:2.10 Fixed appliances can be downloaded from https://openbuildservice.org/download http://openbuildservice.org/download Kind regards, Lukas -- Lukas Krause, Build Solutions SUSE Software Solutions Germany GmbH Maxfeldstrasse 5 90409 Nürnberg (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev
participants (1)
-
Lukas Krause