Mailinglist Archive: opensuse-buildservice (48 mails)

< Previous Next >
[opensuse-buildservice] Open Build Service (OBS) 2.9.5 released
OBS 2.9.5 released

This release is fixing in first place an issue with creating
requests with IDs, tracked in bnc#1108435 and CVE-2018-12479.

The issue exists in the API request creation functionality which can
be misused to DOS creating new requests.

Updaters from any OBS 2.9 release can just ugrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS update are available from the following projects:

The appliance can be downloaded from

Details from the Release Notes of 2.9.5:


* Do not allow null characters in comments
* Prevent creation of a request with an ID attribute

* avoid wipebinaries in locked projects
* fixes for new genmeta scheduling strategy
* fixed usage of preinstallimages


* obs_admin can trigger DoD repository meta data updates via
--recheck-dod option

Have a lot of fun with the release,


Henne Vogelsang
Everybody has a plan, until they get hit.
- Mike Tyson
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages