Mailinglist Archive: opensuse-buildservice (48 mails)

< Previous Next >
[opensuse-buildservice] Open Build Service (OBS) 2.9.5 released
OBS 2.9.5 released
==================

This release is fixing in first place an issue with creating
requests with IDs, tracked in bnc#1108435 and CVE-2018-12479.

The issue exists in the API request creation functionality which can
be misused to DOS creating new requests.

Updaters from any OBS 2.9 release can just ugrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS update are available from the following projects:

https://build.opensuse.org/project/show/OBS:Server:2.9

The appliance can be downloaded from

http://openbuildservice.org/download


Details from the Release Notes of 2.9.5:
========================================

Bugfixes
========

Frontend:
* Do not allow null characters in comments
* Prevent creation of a request with an ID attribute

Backend:
* avoid wipebinaries in locked projects
* fixes for new genmeta scheduling strategy
* fixed usage of preinstallimages

Features
========

Backend:
* obs_admin can trigger DoD repository meta data updates via
--recheck-dod option

Have a lot of fun with the release,

Henne

--
Henne Vogelsang
http://www.opensuse.org
Everybody has a plan, until they get hit.
- Mike Tyson
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages