Foreman 1.12.2 is now available in our repositories with a number of bug
fixes and some security issues fixed:
- CVE-2016-6319: Foreman form helpers do not escape JS when rendering label
- CVE-2016-6320: network interface device identifiers may contain stored
XSS on host form
- Ruby on Rails updated to 188.8.131.52 for security fixes
More information at Foreman :: Security
Full release notes for all of the changes:
Please note that a change to the location/organization external node
(ENC) parameters originally shipped in 1.12.0 has been reverted in this
release. The full names of the location/org have been added instead to
the location_full and organization_full parameters.
···=========== See the links below for how to get it by installing or upgrading:
Installation quick start:
Do take note of the upgrade warnings and deprecations in this release:
Our list of supported OSes has changed, so please check these when
setting up new installations or upgrading.
We also have an experimental guide to upgrading a combined Foreman 1.12
and Puppet 3 installation to a Puppet 4 installation:
Packages may be found in the 1.12 directories on both deb.foreman.org
and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for RPMs and tarballs has the following fingerprint:
860D D70A 378A 84CE 8D47 C10E B507 F6A6 7D49 2D06
(Foreman :: Security)
If you come across a bug, please file it and note the version of Foreman
that you’re using in the report.