Foreman 1.10.3 has been released with a low severity security fix and a
number of bug fixes.
The security issue was:
CVE-2016-2100: private bookmarks can be viewed and edited
Bookmarks set to 'private' can be viewed by and user, and edited or
deleted by any user granted the edit or destroy_bookmarks
permissions.
Affects Foreman 0.3 and higher.
More information available at Foreman :: Security. This
fix is also in Foreman 1.11.0-RC2 and higher.
Other fixes in this release are for host creation (dropdown menus,
compute profiles) and authorisation.
Full release notes for all of the changes are on the website here:
http://theforeman.org/manuals/1.10/index.html#Releasenotesfor1.10.3
http://projects.theforeman.org/rb/release/145
==== Upgrading ====
When upgrading, follow these instructions:
http://theforeman.org/manuals/1.10/index.html#3.6Upgrade
If you're installing a new instance, follow the quickstart:
http://theforeman.org/manuals/1.10/index.html#2.Quickstart
Packages may be found in the 1.10 directories on both deb.foreman.org
and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
Foreman 1.10 adds Debian packages for armhf (v7).
The GPG key used for RPMs and tarballs has the following fingerprint:
9EFD 673A 649D 77F5 C615 44AC C1B2 621D BE67 E9DA
(Foreman :: Security)
Bug reporting
···
============= If you come across a bug, please file it and note the version of Foreman that you're using in the report.Foreman: Foreman
Proxy: Foreman
Installer:
Foreman
–
Dominic Cleal
dominic@cleal.org