Mailinglist Archive: opensuse-buildservice (124 mails)

< Previous Next >
[opensuse-buildservice] OBS 2.7.1 released
  • From: Christian Bruckmayer <cbruckmayer@xxxxxxxx>
  • Date: Tue, 16 Aug 2016 14:57:26 +0200
  • Message-id: <>
OBS 2.7.1 released

This release fixes two important CVEs in OBS related dependencies
(rails, actionview, activerecord). The related CVEs are stated in the
Release Notes. For more information, please see this blog article from
the official rails website:

Previous OBS releases are also affected, but not yet fixed. We plan to
release a fix for 2.6 in the next few days.

Updaters from any OBS 2.7.0 release can just upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS update are available from the following projects:

The appliance can be downloaded from

Details from the Release Notes of 2.7.1:

Feature backports:

* none


* none


* [webui][api] Update rails to version to fix CVE-2016-6316 and
* [webui] Users in not 'confirmed' state were allowed to login

* [api] Users in not 'confirmed' state were allowed to run services via
former created token

* [backend] Fixing project copy which includes binaries
* [backend] worker supports jobs from OBS 2.8 scheduler
* [backend] support publishing of .vdi (VirtualBox image) files

Christian Bruckmayer

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages