Hello Foreman community,
Foreman 3.15.1 is now available! This release addresses a critical security vulnerability (CVE-2025-10622) involving OS command injection through the ct_location and fcct_location parameters.
Packages may be found in the 3.15 directories on both deb.theforeman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for signing RPMs and tarballs has the following fingerprint:
E8C5B839A994276DB61B0228EF5D6BD3A8356411
The GPG key used for signing DEBs has the following fingerprint:
5B7C3E5A735BCB4D615829DC0BDDA991FD7AAC8A.