Foreman 1.7.5 has been released with a security fix and a couple of bug
The security issue was:
CVE-2015-1844: users are not restricted to organizations/locations
When a non-admin user is associated with organizations or locations,
their access is not correctly restricted. API access allows access to
resources in any org/location, and UI access when the user is
associated with more than one org/location is not restricted.
Users without orgs/locations enabled (the default) are unaffected.
Believed to affect Foreman 1.2.0 and higher.
More information available at Foreman :: Security
Full release notes for all of the bug fixes are on the website here:
This may be the last 1.7.x release, and so users are recommended to
start looking at Foreman 1.8 which has now been released.
==== Upgrading ====
Fully supported with package upgrades from both 1.6 and 1.7.
When upgrading, follow these instructions and please take note of the
known issues and warnings (especially Ubuntu 12.04 users):
If you're installing a new instance, follow the quickstart:
Packages may be found in the 1.7 directories on both deb.foreman.org and
yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for RPMs and tarballs has the following fingerprint:
730A 9338 F93E E729 2EAC 2052 4C25 8BD4 2D76 2E88
(Foreman :: Security)
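
An added example (not part of the original announcement or of Foreman's own tooling): a shell check that a key's full primary fingerprint equals the one given above, reading `gpg --with-colons` output. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint copied from the announcement above.
EXPECTED='730A 9338 F93E E729 2EAC 2052 4C25 8BD4 2D76 2E88'

# Strip whitespace and uppercase, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` output on stdin and print each primary key's
# fingerprint: the first "fpr" record after a "pub" record (field 10).
# "fpr" records that follow "sub" records belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its full
# fingerprint equals the expected value. A short key ID never matches.
fingerprint_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    [ "$count" -eq 1 ] || return 1
    [ "$(normalize_fpr "$found")" = "$expected" ]
}

# Constructed sample listing: only the record types and the fingerprint
# field matter here; the other fields are placeholders, not real key data.
sample_listing() {
    cat <<'EOF'
pub:-:0:0:4C258BD42D762E88:0:::-:::
fpr:::::::::730A9338F93EE7292EAC20524C258BD42D762E88:
uid:-::::0::0::Constructed Example UID:
sub:-:0:0:0000000000000000:0::::::
fpr:::::::::0000000000000000000000000000000000000000:
EOF
}

# Real use, after importing the key:
#   gpg --with-colons --fingerprint | fingerprint_matches "$EXPECTED"
sample_listing | fingerprint_matches "$EXPECTED" && echo "fingerprint matches"
```

With several keys in the keyring the check fails by design; list only the key under test when running it against real `gpg` output.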