2 # openSUSE Build Service 2.4.6
5 Updaters from any OBS 2.4 release can just ugrade the packages
6 and restart all services. Updaters from former releases should
7 read the README.UPDATERS file.
9 This release fixes a serious security leak tracked as CVE-2014-0594:
10 The CSRF protection got incorrectly disabled, this means any
11 web site can inject actions as long a user has a running session.
13 All OBS 2.4 admins are requested to updated immediatly to close this
29 * webui: fix CSRF protection (CVE-2014-0594)
30 * webui: fix a syntax error when storing instance configuration
31 * api: fix database locking when changing states of requests
32 * api: fix typo that fails retry for connection when using LDAP auth.
33 * api: fix issue tracking via delayed job