Foreman 1.2.3 has been released to fix a security issue. We recommend
users update as soon as possible. The security issue resolved was:
- SQL injection in host and host group overrides/matcher associations
CVE identifier: CVE-2013-4386
Issue tracker: Bug #3160: CVE-2013-4386 - SQL injection in host and host group lookup_value overrides/matcher associations - Foreman
Authenticated access to Foreman is required to exploit it.
Two packaging bugs were fixed, see the release notes for full details:
This release only contains an update to Foreman itself, not the smart
proxy or other projects.
==== Packages ====
From 1.2.x, simply upgrade packages from our repositories to version
Package repos are available here:
Tarballs available here:
==== Reporting issues ====
If you have any issues, please follow the usual support process and file
bugs in redmine.
Support information: Foreman :: Support