Open Build Service 2.10.22
Hello People,

We have just released Open Build Service 2.10.22 which fixes security vulnerabilities. You should update your installations as soon as possible.

## Fixed Issues

Frontend:

* Update rack to version 2.2.8.1
  - Fixed ReDoS in Accept header parsing [CVE-2024-26146]
  - Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
  - Reject Range headers which are too large [CVE-2024-26141]
    DoS Vulnerability in Multipart MIME parsing.

## How to Update

Package updates are available from the 2.10 repositories
https://build.opensuse.org/project/show/OBS:Server:2.10

Fixed appliances can be downloaded from
http://openbuildservice.org/download

Kind regards,

---
Daniel Donisa
daniel.donisa@suse.com
Build Solutions Team
SUSE Software Solutions Germany GmbH

On 2024/03/05 Tue 12:16, Daniel Donisa wrote:
> Hello People,
>
> We have just released Open Build Service 2.10.22 which fixes security vulnerabilities. You should update your installations as soon as possible.
>
> ## Fixed Issues
>
> Frontend:
> * Update rack to version 2.2.8.1

The rpm is ruby2.7-rubygem-rack-2.2-2.2.6.4-150500.23.3.x86_64.rpm on
https://download.opensuse.org/repositories/OBS:/Server:/2.10/15.5/x86_64/

Thus upgrade of obs-api is not possible due to missing rack 2.2.8.1.

Regards,
Kai

Morning Kai,

On 14/3/24 13:13, Kai Liu wrote:
> On 2024/03/05 Tue 12:16, Daniel Donisa wrote:
>
> The rpm is ruby2.7-rubygem-rack-2.2-2.2.6.4-150500.23.3.x86_64.rpm on
> https://download.opensuse.org/repositories/OBS:/Server:/2.10/15.5/x86_64/
>
> Thus upgrade of obs-api is not possible due to missing rack 2.2.8.1.

Looks like during the last release the binaries didn't show up. Now they are in place.

Thanks,