-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache VCL project has released version 2.5.2. This is a bug fix release to address 2 vulnerabilities. The CVE numbers for the vulnerabilities are
CVE-2024-53678 CVE-2024-53679 Both are related to improper validation of submitted form data. Information about the CVEs can be found on our security page[1]. Information on downloading and installing 2.5.2 can be found on our download page: http://vcl.apache.org/downloads/download.html Release notes can be found here: http://vcl.apache.org/docs/releasenotes.html A change log for these releases can be found here: http://vcl.apache.org/docs/changelog.html Installation and upgrade scripts are included in the release. There are web instructions on manually doing installs and upgrades linked to from the download page. Apache VCL is a self-service system used to dynamically provision and broker remote access to a dedicated compute environment for an end-user. The provisioned computers are typically housed in a data center and may be physical blade servers, traditional rack mounted servers, or virtual machines. VCL can also broker access to standalone machines such as a lab computers on a university campus. One of the primary goals of VCL is to deliver a dedicated compute environment to a user for a limited time through a web interface. This compute environment can range from something as simple as a virtual machine running productivity software to a machine room blade running high end software (i.e. a CAD, GIS, statistical package or an Enterprise level application) to a cluster of interconnected physical (bare metal) compute nodes. Using the scheduling API, VCL can be used to automate the provisioning of servers in a server farm or HPC cluster. [1] https://vcl.apache.org/security.html Josh Thompson Apache VCL release manager -----BEGIN PGP SIGNATURE----- iFwEARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCZ+GTjgAKCRBX8tBw1209 A6WqAJ91DWSkK7N+a3/HHEEirvj4rdt1hwCXcgiQcFWwEB4deLz/BpLGj/fs6w== =KKq/ -----END PGP SIGNATURE-----
