Skip to content

OBS 2.1.1 released
Compare
Choose a tag to compare
@hennevogel hennevogel released this 01 Sep 17:01
· 35162 commits to master since this release
2.1.1
b77649c

We just released OBS 2.1.1 maintenance und security fix release.

Users of OBS 2.1.0 should update ASAP due to a critical security issue. OBS 2.0
and before is not affected by this.

Apart from this we have also a number of bugfixes, find details below.

Special thanks go to Vivian Zhang from Intel and David Greaves for their contributions
to this release.

It got released to the ususal places:

Appliance: http://en.opensuse.org/openSUSE:Build_Service_Appliance
Packages: http://download.opensuse.org/repositories/openSUSE:/Tools/
Git: http://www.gitorious.org/opensuse/build-service/commits/2.1

Changes:

  • Default build target list got updated
  • Support for filtering user base when using LDAP database for authentification
  • LDAP support enforces the usage of SSL for authentification now for security reasons

Bugfixes:

  • api got fixes which allowed a cross side scripting attack to change a users password,
    if he is logged in and clicked on a crafted URL elsewhere. (Affected only OBS 2.1.0)
  • api handles request state "revoked" also as final state now
  • webui received multiple layout fixes and improvements esp. when handling sources.
  • webui is CC'ng now all bugowners if multiple are defined (#513167)
  • source service daemon has been fixed to support long running processes
  • worker code download is honoring proxy settings now (#630994)
    --
    Adrian Schroeter
    SUSE Linux Products GmbH
    email: adrian@suse.de
Assets 2