Foreman 1.12.2 is now available in our repositories with a number of bug
fixes and some security issues fixed:
- CVE-2016-6319: Foreman form helpers do not escape JS when rendering label
- CVE-2016-6320: network interface device identifiers may contain stored
XSS on host form - Ruby on Rails updated to 4.2.7.1 for security fixes
More information at Foreman :: Security
Full release notes for all of the changes:
https://theforeman.org/manuals/1.12/index.html#Releasenotesfor1.12.2
Please note that a change to the location/organization external node
(ENC) parameters originally shipped in 1.12.0 has been reverted in this
release. The full names of the location/org have been added instead to
the location_full and organization_full parameters.
Information
···
=========== See the links below for how to get it by installing or upgrading:Installation quick start:
https://theforeman.org/manuals/1.12/quickstart_guide.html
Upgrade instructions:
https://theforeman.org/manuals/1.12/index.html#3.6Upgrade
Release notes:
https://theforeman.org/manuals/1.12/index.html#Releasenotesfor1.12
Do take note of the upgrade warnings and deprecations in this release:
https://theforeman.org/manuals/1.12/index.html#Upgradewarnings
Our list of supported OSes has changed, so please check these when
setting up new installations or upgrading.
We also have an experimental guide to upgrading a combined Foreman 1.12
and Puppet 3 installation to a Puppet 4 installation:
http://projects.theforeman.org/projects/foreman/wiki/Upgrading_from_Puppet_3_to_4
Downloads
Packages may be found in the 1.12 directories on both deb.foreman.org
and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for RPMs and tarballs has the following fingerprint:
860D D70A 378A 84CE 8D47 C10E B507 F6A6 7D49 2D06
(Foreman :: Security)
Bug reporting
If you come across a bug, please file it and note the version of Foreman
that you’re using in the report.
Foreman: Foreman
Proxy: Foreman
Installer:
Foreman
–
Dominic Cleal
dominic@cleal.org