We just released OBS 2.1.1 maintenance und security fix release.
Users of OBS 2.1.0 should update ASAP due to a critical security issue. OBS 2.0
and before is not affected by this.
Apart from this we have also a number of bugfixes, find details below.
Special thanks go to Vivian Zhang from Intel and David Greaves for their contributions
to this release.
It got released to the ususal places:
Appliance: http://en.opensuse.org/openSUSE:Build_Service_Appliance
Packages: http://download.opensuse.org/repositories/openSUSE:/Tools/
Git: http://www.gitorious.org/opensuse/build-service/commits/2.1
Changes:
- Default build target list got updated
- Support for filtering user base when using LDAP database for authentification
- LDAP support enforces the usage of SSL for authentification now for security reasons
Bugfixes:
- api got fixes which allowed a cross side scripting attack to change a users password,
if he is logged in and clicked on a crafted URL elsewhere. (Affected only OBS 2.1.0) - api handles request state "revoked" also as final state now
- webui received multiple layout fixes and improvements esp. when handling sources.
- webui is CC'ng now all bugowners if multiple are defined (#513167)
- source service daemon has been fixed to support long running processes
- worker code download is honoring proxy settings now (#630994)
--
Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@suse.de