Foreman 1.7.4 has been released with a security fix and some bug &
The security issue was:
CVE-2015-1816: SSL certificate not verified on LDAP connections
When making an SSL connection to an LDAP authentication source in
Foreman, the remote server certificate is accepted without any
verification against known certificate authorities.
Affects Foreman 1.3.0 and higher
More information available at Foreman :: Security
The notable bug fix for this release is in the ENC support for YAML and
JSON smart class parameters, which stopped working properly in 1.7.3.
Full release notes for all of the bug fixes are on the website here:
==== Upgrading ====
Fully supported with package upgrades from both 1.6 and 1.7.
When upgrading, follow these instructions and please take note of the
known issues and warnings (especially Ubuntu 12.04 users):
If you're installing a new test instance, follow the quickstart:
The GPG key used for RPMs and tarballs has the following fingerprint:
730A 9338 F93E E729 2EAC 2052 4C25 8BD4 2D76 2E88
(Foreman :: Security)