Foreman 1.6.1 has been released, fixing a couple of minor security issues
and a number of bugs. The security items are:
- CVE-2014-3590: user logout vulnerable to CSRF
  Affects all known Foreman versions
- CVE-2014-3653: stored cross site scripting (XSS) in template previews
  Affects all known Foreman versions
More information at Foreman :: Security
Full release notes for all of the bug fixes are on the website here:
http://theforeman.org/manuals/1.6/index.html#Releasenotesfor1.6.1
http://projects.theforeman.org/rb/release/22
==== Upgrading ====
Fully supported with package upgrades from both 1.5 and 1.6.
Packages are in yum.theforeman.org / deb.theforeman.org under the "1.6"
directories or components.
Please read the instructions here:
http://theforeman.org/manuals/1.6/index.html#3.6Upgrade