Foreman 3.16.2 is now available! This release includes a critical security fix for CVE-2025-9572, a high-severity GraphQL API permission bypass that could lead to unauthorized access to location and organization data. Additionally, the installer adds proper migration support for the foreman_ovirt plugin.
Packages may be found in the 3.16 directories on both deb.theforeman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org.
The GPG key used for signing RPMs and tarballs has the following fingerprint:
4EF094BBD6C43ADA8E4190BD18357B59AD173208
The GPG key used for signing DEBs has the following fingerprint:
5B7C3E5A735BCB4D615829DC0BDDA991FD7AAC8A.