OBS 2.10.5 released
===================
This is fixing a security issue if you rely on hiding sources
in your instance. A package update will be enough to fix
a running instance.
Backend:
* CVE-2020-8021: unauthorized read access to files where sourceacess
is disabled via a crafted _service (bsc#1171649)
Shipment:
* Version numbers of appliances got fixed.
Kudos to Marcus Hüwe who found and fixed the issue.
Thanks a lot!
Fixes from 2.10.4 and 2.10.3 (unanounced)
=========================================
Frontend:
* CVE-2020-8020: Possible stored XSS attack on comments markdown
* Support recent MySQL/MariaDB releases
Backend:
* Fix redis service restart behaviour
Shipment:
* Support for SLES 15 SP2 as host system
--
Adrian Schroeter
email: adrian(a)suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org
Show replies by date