Mailinglist Archive: opensuse-buildservice (138 mails)

[opensuse-buildservice] Open Build Service (OBS) 2.6.8 released
  • From: Christian Bruckmayer <cbruckmayer@xxxxxxx>
  • Date: Wed, 3 Feb 2016 14:04:29 +0100
  • Message-id: <56B1FADD.5010408@suse.de>
OBS 2.6.8 released
==================

This release fixes several CVEs in OBS-related dependencies (rails,
sprockets, jquery, rack). The related CVEs are stated in the Release
Notes. For more information, please see this blog article from the
official rails website:
http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/

OBS 2.5 and 2.4 are also affected, but not yet fixed.

Updaters from any OBS 2.6 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS updates are available from the following projects:

https://build.opensuse.org/project/show/OBS:Server:2.6

The appliance can be downloaded from

http://openbuildservice.org/download


Details from the Release Notes of 2.6.8:
========================================

Feature backports:
==================

* none

Changes:
========

* none

Bugfixes:
=========

* [webui] Update rails to version 4.1.14.1 to fix several security
issues (CVE-2015-7576, CVE-2016-0751, CVE-2015-7577, CVE-2016-0752,
CVE-2016-0753, CVE-2015-7581)
* [webui] Update rack to version 1.5.5 to fix security issue (CVE-2015-3225)
* [webui] Update jquery-rails to version 3.1.4 to fix security issue
(CVE-2015-1840)
* [webui] Update sprockets to version 2.11.3 (CVE-2014-7819)
* [webui] Fix redirect after login for iChain and proxy mode

* [backend] fix local building inside a project on a remote OBS instance
* [backend] fix lost events on scheduler restart
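
A quick way to confirm that an instance actually picked up the gem versions named in the Bugfixes list is to compare its Gemfile.lock against them. The script below is an added example, not part of the original announcement or of OBS itself; the lockfile text is a constructed sample, the function names are hypothetical, and treating any version at or above the named one as fixed is an assumption.

```ruby
# Fixed versions named in the 2.6.8 release notes above.
FIXED = {
  'rails'        => '4.1.14.1',
  'rack'         => '1.5.5',
  'jquery-rails' => '3.1.4',
  'sprockets'    => '2.11.3'
}.freeze

# Constructed sample lockfile (not taken from a real OBS installation).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jquery-rails (3.1.2)
        railties (>= 3.0, < 5.0)
      rack (1.5.5)
      rails (4.1.14.1)
      sprockets (2.11.0)
        rack (~> 1.0)

  PLATFORMS
    ruby
LOCK

# Resolved gems sit at exactly four spaces of indentation under "specs:";
# dependency constraints are indented six spaces and are skipped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, found|
    m = line.match(/\A {4}([A-Za-z0-9_.\-]+) \(([^)\s]+)\)\s*\z/)
    found[m[1]] = m[2] if m
  end
end

# Returns { gem => [locked_version_or_nil, fixed_version] } for every gem
# that is absent from the lockfile or older than the fixed release.
def outdated(lock_text, fixed = FIXED)
  locked = locked_versions(lock_text)
  fixed.each_with_object({}) do |(name, min), bad|
    have = locked[name]
    next if have && Gem::Version.new(have) >= Gem::Version.new(min)
    bad[name] = [have, min]
  end
end

# Stand-alone run: report what the constructed sample is missing.
outdated(SAMPLE_LOCK).each do |name, (have, min)|
  puts "#{name}: locked #{have || 'not found'}, release notes name #{min}"
end if __FILE__ == $PROGRAM_NAME
```

To check a real installation, pass the contents of the web UI's Gemfile.lock to outdated instead of the sample.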