Foreman 1.4.4 security and bug fix update

Foreman 1.4.4 has been released, addressing two security issues and
other bugs. All users are encouraged to upgrade.

The security issues fixed are:

  1. Provisioning template previews are world-readable
    CVE identifier: CVE-2014-0192
    Redmine issue: Bug #5436: CVE-2014-0192 - provisioning templates are world accessible - Foreman
    Affects Foreman 1.4.0 to 1.4.3 inclusive

  2. Stored cross-site scripting (XSS) in search auto-completion
    CVE identifier: CVE-2014-0208
    Redmine issue: Bug #5471: CVE-2014-0208 - Stored XSS inside search auto-complete key names via parameters - Foreman
    Affects all known Foreman versions

Additional details are available on our security advisories page:

See the release notes and Redmine for full bug lists:

==== Installation ====
Quickstart instructions using the installer:

Packages are in / under the "1.4"
directories or components.

==== Upgrading ====
Fully supported with package upgrades from both 1.3 and 1.4.

Please read the instructions here:

Take note of the following points (especially EL6 users on 1.3):

-- 
Dominic Cleal
Red Hat Engineering