Foreman 1.10.3 security and bug fix release

Foreman 1.10.3 has been released with a low severity security fix and a
number of bug fixes.

The security issue was:
CVE-2016-2100: private bookmarks can be viewed and edited

Bookmarks set to 'private' can be viewed by and user, and edited or
deleted by any user granted the edit or destroy_bookmarks

Affects Foreman 0.3 and higher.

More information available at Foreman :: Security. This
fix is also in Foreman 1.11.0-RC2 and higher.

Other fixes in this release are for host creation (dropdown menus,
compute profiles) and authorisation.

Full release notes for all of the changes are on the website here:

==== Upgrading ====
When upgrading, follow these instructions:

If you're installing a new instance, follow the quickstart:

Packages may be found in the 1.10 directories on both
and, and tarballs are on
Foreman 1.10 adds Debian packages for armhf (v7).

The GPG key used for RPMs and tarballs has the following fingerprint:
9EFD 673A 649D 77F5 C615 44AC C1B2 621D BE67 E9DA
(Foreman :: Security)

Bug reporting

··· ============= If you come across a bug, please file it and note the version of Foreman that you're using in the report.

Foreman: Foreman
Proxy: Foreman

Dominic Cleal