Foreman 1.11.4 has now been released to our repositories with three security fixes and a few bug fixes.
The security issues were: - CVE-2016-5390: API host interfaces data not restricted by view_hosts filters - CVE-2016-4995: information disclosure through unauthorized template previews - CVE-2016-4475: privilege escalation through orgs/location API and UI See https://theforeman.org/security.html for more details. Full release notes for all of the changes are on the website: https://theforeman.org/manuals/1.11/index.html#Releasenotesfor1.11.4 Also a reminder - this is probably the last update to the 1.11.x series as 1.12 is stable and highly recommended over 1.11. Information =========== See the links below for how to get it: Upgrade instructions: https://theforeman.org/manuals/1.11/index.html#3.6Upgrade Release notes: https://theforeman.org/manuals/1.11/index.html#Releasenotesfor1.11 Do take note of the upgrade warnings and deprecations in this release as they affect most OSes in some way: https://theforeman.org/manuals/1.11/index.html#Upgradewarnings Downloads ========= Packages may be found in the 1.11 directories on both deb.foreman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org. The GPG key used for RPMs and tarballs has the following fingerprint: 6681 20FA 0528 3FD2 AF60 FC3A 335F 3A45 3494 A06D (https://theforeman.org/security.html#GPGkeys) Bug reporting ============= If you come across a bug, please file it and note the version of Foreman that you're using in the report. Foreman: http://projects.theforeman.org/projects/foreman/issues/new Proxy: http://projects.theforeman.org/projects/smart-proxy/issues/new Installer: http://projects.theforeman.org/projects/puppet-foreman/issues/new -- Dominic Cleal [email protected] -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
