We've released Foreman 1.5.2 with lots of bug fixes, one security issue
fixed and small enhancements.
The security issue was:
Stored cross site scripting (XSS) in operating system names
CVE identifier: CVE-2014-3531
Redmine issue: Bug #6580: CVE-2014-3531 - XSS in operating system name / description - Foreman
Affects all known Foreman versions
Notable changes include:
- Proxy errors with DHCP reservations fixed
- Access to power/console buttons for non-admin users fixed
- Puppet directory environments are now searched for modules
Please take a moment to browse the full release notes in our maunal:
http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.2
==== Upgrading ====
Fully supported with package upgrades from both 1.4 and 1.5.
Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5"
directories or components.
Please read the instructions here:
http://theforeman.org/manuals/1.5/index.html#3.6Upgrade
Remember that since the security incident in July 2014, our packages are
signed with a different GPG key to previous releases. Read the
following announcement for the commands you need to update them:
https://groups.google.com/forum/#!topic/foreman-announce/BiIT784Mb7Q