Mailinglist Archive: opensuse-buildservice (77 mails)

< Previous Next >
[opensuse-buildservice] Open Build Service (OBS) 2.9.6 released
OBS 2.9.6 released
================

This is a security and bugfix release. It's applying fixes related to
permissions and authorizations and a patch for a Rails security
update, that was assigned with the CVE identifier CVE-2019-5419.

Updaters from any OBS 2.9 release can upgrade the packages
and restart all services. Updaters from former releases should
read the README.UPDATERS file.

OBS update is available from the following project:

https://build.opensuse.org/project/show/OBS:Server:2.9

The appliance can be downloaded from:

http://openbuildservice.org/download


Details from the Release Notes of 2.9.6:
================================

Bugfixes
========

Frontend:
  * Rails security update was patched (CVE-2019-5419).
  * Added upper-limit to range to avoid long running queries in Webui::MonitorController.
  * In WebUI, only admins are allowed to create DoD repositories.
  * In WebUI, only admins are allowed to create sourceaccess/access repositories flags.
  * Added missing authorization to move repository path in Webui::ProjectController.
* Require sourceaccess by default in `require_package`.


Regards,

David

--
David Dionisio Kang -dkang@xxxxxxx |dkang@xxxxxxxx
BuildService Engineer
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg
Tel: +49-911-74053-0; Fax: +49-911-7417755;https://www.suse.com/
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Graham Norton, HRB 21284 (AG Nürnberg)

--
David Dionisio Kang - dkang@xxxxxxx | dkang@xxxxxxxx
BuildService Engineer
SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nürnberg
Tel: +49-911-74053-0; Fax: +49-911-7417755; https://www.suse.com/
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Graham Norton, HRB 21284 (AG Nürnberg)

< Previous Next >
This Thread
  • No further messages