Foreman 1.2.3 has been released to fix a security issue. We recommend
users update as soon as possible. The security issue resolved was:
- SQL injection in host and host group overrides/matcher associations
CVE identifier: CVE-2013-4386
Issue tracker: Bug #3160 (CVE-2013-4386 - SQL injection in host and host group lookup_value overrides/matcher associations)
Authenticated access to Foreman is required to exploit it.
Two packaging bugs were fixed; see the release notes for full details:
http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.3
http://projects.theforeman.org/versions/33
This release only contains an update to Foreman itself, not the smart
proxy or other projects.
==== Packages ====
From 1.2.x, simply upgrade packages from our repositories to version
1.2.3.
Package repos are available here:
http://yum.theforeman.org/releases/1.2/
http://deb.theforeman.org/
Tarballs available here:
http://projects.theforeman.org/projects/foreman/files
==== Reporting issues ====
If you have any issues, please follow the usual support process and file
bugs in Redmine.
Support information: Foreman :: Support