Hello all,
I'd like to announce two releases, Katello 2.4.2 and a minor update to
Katello 2.3.1.
The main purpose of these updates was a security vulnerability
CVE-2016-3072 (Bug #14381: CVE-2016-3072 Authenticated sql injection via sort_by and sort_attr parameters - Katello - Foreman).
Special thanks to Oliver Gruskovnjak for reporting it!
Other fixes as part of 2.4.2 include:
- failed pulp tasks are not resumable
  (Bug #14209: Failed pulp tasks are not resumable. - Katello - Foreman)
- adding a preupgrade script to aid in 3.0 upgrades
  (Bug #14209: Failed pulp tasks are not resumable. - Katello - Foreman)
The release notes will be updated later today.
Upgrade instructions:
2.4: http://www.katello.org/docs/2.4/upgrade/index.html
2.3: http://www.katello.org/docs/2.3/upgrade/index.html
Thanks again to all our users and testers!
-Justin Sherrill