OBS 2.10.8 released ================== This release fixes a XSS security issue, tracked in CVE-2020-8031. The leak exists in the WebUI comment functionality which can be misused to inject malicious JavaScript code. Updaters from any OBS 2.10.7 release can just upgrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file. OBS update are available from the following projects: https://build.opensuse.org/project/show/OBS:Server:2.10 The appliance can be downloaded from http://openbuildservice.org/download Details from the Release Notes of 2.10.8: ======================================== Bugfixes ======== * Frontend:   - CVE-2020-8031: Potential Cross-Site Scripting in markdown rendering. -- Saray A. Cabrera Padrón | scabrerapadron@suse.de | scabrerapadron@suse.com Full Stack Web Developer - Open Build Service SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg Tel: +49-911-74053-0; Fax: +49-911-7417755; https://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)