This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Maybe it's worth updating foreman -------- Original Message -------- Subject: [foreman-announce] Foreman 1.5.1 security, bug fix and enhanceme= nt update Date: Wed, 18 Jun 2014 13:25:10 +0100 From: Dominic Cleal <dcleal+g(a)redhat.com&gt; Reply-To: foreman-users <foreman-users(a)googlegroups.com&gt; To: foreman-announce <foreman-announce(a)googlegroups.com&gt;, foreman-= users <foreman-users(a)googlegroups.com&gt; Foreman 1.5.1 has been released, with many bug fixes for issues found in 1.5, three security fixes and a few minor features. The security issues fixed are: 1. TFTP boot file fetch API permits remote code execution CVE identifier: CVE-2014-0007 Redmine issue: http://projects.theforeman.org/issues/6086 Affects all known Foreman versions 2. Stored cross site scripting (XSS) in notification dialogs CVE identifier: CVE-2014-3491 Redmine issue: http://projects.theforeman.org/issues/5881 Affects all known Foreman versions 3. Stored cross site scripting (XSS) in YAML preview CVE identifier: CVE-2014-3492 Redmine issue: http://projects.theforeman.org/issues/6149 Affects all known Foreman versions Additional details are available on our security advisories page: http://theforeman.org/security.html Other notable changes are: - VMware compute profile issues fixed (#5652) - Puppet 3.6 smart proxy compatibility fixed (#5856) - DHCP lease conflict issues with Discovery (#5637) - New compute profiles API, fixed API host creation (#4250) - Audit field length issue with smart class parameters (#5671) The release also includes a new version of the Hammer CLI, version 0.1.1 with a number of features and fixes. See the release notes and Redmine for full change lists: http://theforeman.org/manuals/1.5/index.html#Releasenotesfor1.5.1 http://projects.theforeman.org/rb/release/16 =3D=3D=3D=3D Upgrading =3D=3D=3D=3D Fully supported with package upgrades from both 1.4 and 1.5.0. Packages are in yum.theforeman.org / deb.theforeman.org under the "1.5" directories or components. Please read the instructions here: http://theforeman.org/manuals/1.5/index.html#3.6Upgrade --=20 Dominic Cleal Red Hat Engineering --=20 You received this message because you are subscribed to the Google Groups= "foreman-announce" group. To unsubscribe from this group and stop receiving emails from it, send an= email to foreman-announce+unsubscribe(a)googlegroups.com. For more options, visit https://groups.google.com/d/optout. --FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" --FpqsSaL3lF437MtlIiPbDqRWxKQI3k4c5--