OBS 2.9.4 released
We're happy to announce the release of Open Build Service Version 2.9.4.
This release includes 2 security fixes and we recommend to update your
OBS instance as soon as possible.
Please check out the release notes for further details or contact us.
Once again a big thank you goes to Marcus Hüwe who found the security
bugs, provided detailed bug descriptions and patches:-)
If you find security bugs yourself, please report them to security(a)suse.de.
Please read our setup instructions
or even better, use our appliance
Update to OBS 2.9
In case you update from a previous OBS stable release please read
the README.UPDATERS file which comes with this version.
OBS Appliance users who have set up their LVM
can just replace their appliance image without data loss. The migration
will happen automatically.
Details from Release Notes
* Fixes permission check for bs requests with source projects that link
to another project (CVE-2018-12466, bsc#1098934)
* Fixes permission check in the InitializeDevelPackage attribute
codepath (CVE-2018-12467, bsc#1100217)
* Fix permission check of linked projects in
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org