Version 3.10.1 is now available with two critical security fixes. CVE-2024-7923 affects all Katello users while the CVE-2024-7012 affects users of external authentication. For both it is critical to rerun the installer. It also has a number of bugfixes.
Packages may be found in the 3.10 directories on both deb.theforeman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for signing RPMs and tarballs has the following fingerprint:
63B38BE51B2DDDAFF7EF7EC90A8F8D4093DD1D0C
The GPG key used for signing DEBs has the following fingerprint:
5B7C3E5A735BCB4D615829DC0BDDA991FD7AAC8A.