Overview
Request 1082660 accepted
- Version 2.12
* Update translations
* CVE-2023-28120: Update active support to fix possible XSS Security Vulnerability
in bytesliced strings for html_safe. (bsc#1209507)
* CVE-2023-27530: Update rack to mitigate possible DoS in multipart mime parsing (bsc#1209096)
* Force rmt-client-setup-res script to use https (bsc#1209825)
* Download repomd.xml.asc before repomd.xml.key, because there are repos that only have repomd.xml.asc
- Version 2.11:
* Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670)
* Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171)
* Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593)
* Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053)
- Release version 2.10:
- Add option to turn off system token support (bsc#1205089)
- Update the `last_seen_at` column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- Fix CVE-2022-31254 (bsc#1204285): rmt-server-pubcloud allows to escalate from user _rmt to root
Root-level escalation vector bug was found in the packaging file which has been mitigated.
- adapt rmt-client-setup-res script to work on SLL9/RHEL9
- Send system creation and product activation dates to SCC for better
visibility in SCC.
- Created by fschnizlein
- In state accepted
Request History
fschnizlein created request
- Version 2.12
* Update translations
* CVE-2023-28120: Update active support to fix possible XSS Security Vulnerability
in bytesliced strings for html_safe. (bsc#1209507)
* CVE-2023-27530: Update rack to mitigate possible DoS in multipart mime parsing (bsc#1209096)
* Force rmt-client-setup-res script to use https (bsc#1209825)
* Download repomd.xml.asc before repomd.xml.key, because there are repos that only have repomd.xml.asc
- Version 2.11:
* Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670)
* Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171)
* Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593)
* Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053)
- Release version 2.10:
- Add option to turn off system token support (bsc#1205089)
- Update the `last_seen_at` column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- Fix CVE-2022-31254 (bsc#1204285): rmt-server-pubcloud allows to escalate from user _rmt to root
Root-level escalation vector bug was found in the packaging file which has been mitigated.
- adapt rmt-client-setup-res script to work on SLL9/RHEL9
- Send system creation and product activation dates to SCC for better
visibility in SCC.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
staging-bot added openSUSE:Factory:Staging:adi:6 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:6"
staging-bot accepted review
Picked "openSUSE:Factory:Staging:adi:6"
jengelh accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:adi:6 got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:adi:6 got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:adi:6 got accepted.