Mailinglist Archive: opensuse-buildservice (70 mails)

< Previous Next >
[opensuse-buildservice] Open Build Service 2.9.4 released​
OBS 2.9.4 released

We're happy to announce the release of Open Build Service Version 2.9.4.

This release includes 2 security fixes and we recommend to update your OBS instance as soon as possible.
Please check out the release notes for further details or contact us.

Once again a big thank you goes to Marcus Hüwe who found the security bugs, provided detailed bug descriptions and patches:-)

If you find security bugs yourself, please report them to security@xxxxxxx.

Install 2.9

Please read our setup instructions

or even better, use our appliance

Update to OBS 2.9

In case you update from a previous OBS stable release please read
the README.UPDATERS file which comes with this version.

OBS Appliance users who have set up their LVM

can just replace their appliance image without data loss. The migration
will happen automatically.

Details from Release Notes


* Fixes permission check for bs requests with source projects that link
to another project (CVE-2018-12466, bsc#1098934)
* Fixes permission check in the InitializeDevelPackage attribute codepath (CVE-2018-12467, bsc#1100217)
* Fix permission check of linked projects in BsRequestAction.check_action_permission
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages