[dist] 2.4.7 release notes

openSUSE · Mar 12, 2015 · 7824025 · 7824025
1 parent 5559960
commit 7824025
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/ReleaseNotes-2.4.7 b/ReleaseNotes-2.4.7
@@ -0,0 +1,30 @@
+#
+# openSUSE Build Service 2.4.7
+#
+
+Updaters from any OBS 2.4 release can just ugrade the packages
+and restart all services. Updaters from former releases should
+read the README.UPDATERS file.
+
+This release fixes a serious security leak tracked as CVE-2014-0594:
+ The CSRF protection got incorrectly disabled, this means any
+web site can inject actions as long a user has a running session. 
+
+All OBS 2.4 admins are requested to updated immediatly to close this
+hole.
+
+Feature backports:
+==================
+
+* None
+
+Changes:
+========
+
+* None
+
+Bugfixes:
+=========
+
+* backend: fix arbitrary command execution in service daemon (CVE-2015-0778)
+