OBS 2.10.5 released =================== This is fixing a security issue if you rely on hiding sources in your instance. A package update will be enough to fix a running instance. Backend: * CVE-2020-8021: unauthorized read access to files where sourceacess is disabled via a crafted _service (bsc#1171649) Shipment: * Version numbers of appliances got fixed. Kudos to Marcus Hüwe who found and fixed the issue. Thanks a lot! Fixes from 2.10.4 and 2.10.3 (unanounced) ========================================= Frontend: * CVE-2020-8020: Possible stored XSS attack on comments markdown * Support recent MySQL/MariaDB releases Backend: * Fix redis service restart behaviour Shipment: * Support for SLES 15 SP2 as host system -- Adrian Schroeter email: adrian(a)suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org