Foreman 1.11.3 has now been released to our repositories with a security fix and various bug fixes, including for two prominent DHCP issues.
The security issue was: CVE-2016-4451: Privilege escalation through Organization and Locations API When using the API as a user with unlimited filters, the current context could be set to an organization/location that the user was not associated to. Affects Foreman 1.7 and higher. See https://theforeman.org/security.html for more details. Full release notes for all of the changes are on the website: https://theforeman.org/manuals/1.11/index.html#Releasenotesfor1.11.3 Information =========== See the links below for how to get it by installing or upgrading: Installation quick start: https://theforeman.org/manuals/1.11/quickstart_guide.html Upgrade instructions: https://theforeman.org/manuals/1.11/index.html#3.6Upgrade Release notes: https://theforeman.org/manuals/1.11/index.html#Releasenotesfor1.11 Do take note of the upgrade warnings and deprecations in this release as they affect most OSes in some way: https://theforeman.org/manuals/1.11/index.html#Upgradewarnings Downloads ========= Packages may be found in the 1.11 directories on both deb.foreman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org. The GPG key used for RPMs and tarballs has the following fingerprint: 6681 20FA 0528 3FD2 AF60 FC3A 335F 3A45 3494 A06D (https://theforeman.org/security.html#GPGkeys) Debian users should note that the archive GPG key changes in the next week to the following fingerprint: AE0A F310 E2EA 96B6 B6F4 BD72 6F86 00B9 5632 78F6 (https://theforeman.org/security.html#GPGkeys) More information on the Debian GPG change is available at: https://groups.google.com/forum/#!topic/foreman-announce/InFeaMsl7fk Bug reporting ============= If you come across a bug, please file it and note the version of Foreman that you're using in the report. Foreman: http://projects.theforeman.org/projects/foreman/issues/new Proxy: http://projects.theforeman.org/projects/smart-proxy/issues/new Installer: http://projects.theforeman.org/projects/puppet-foreman/issues/new -- Dominic Cleal [email protected] -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
