Mailinglist Archive: opensuse-buildservice (124 mails)

< Previous Next >
[opensuse-buildservice] OBS 2.7.1 released
  • From: Christian Bruckmayer <cbruckmayer@xxxxxxxx>
  • Date: Tue, 16 Aug 2016 14:57:26 +0200
  • Message-id: <57B30DB6.3000108@suse.com>
OBS 2.7.1 released
==================

This release fixes two important CVEs in OBS related dependencies
(rails, actionview, activerecord). The related CVEs are stated in the
Release Notes. For more information, please see this blog article from
the official rails website:
http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

Previous OBS releases are also affected, but not yet fixed. We plan to
release a fix for 2.6 in the next few days.

Updaters from any OBS 2.7.0 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS update are available from the following projects:

https://build.opensuse.org/project/show/OBS:Server:2.7

The appliance can be downloaded from

http://openbuildservice.org/download

Details from the Release Notes of 2.7.1:
========================================

Feature backports:
==================

* none

Changes:
========

* none

Bugfixes:
=========

* [webui][api] Update rails to version 4.2.7.1 to fix CVE-2016-6316 and
CVE-2016-6317
* [webui] Users in not 'confirmed' state were allowed to login

* [api] Users in not 'confirmed' state were allowed to run services via
former created token

* [backend] Fixing project copy which includes binaries
* [backend] worker supports jobs from OBS 2.8 scheduler
* [backend] support publishing of .vdi (VirtualBox image) files

--
Christian Bruckmayer

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
Germany
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages