  • fix bug that project non-owner can generate new webhook secret
  • generate new webhook secret functionality in copr-cli
  • fix forking not to duplicate information that should not be duplicated
  • apiv3: construct dict with project data before deleting it
  • don't set source_build_method for unset packages
  • Change of the default setting of follow_fedora_branching
  • 349 Do not fork package auto-rebuild information

  • fix rawhide_to_release after b15e4504c
  • packaging: Python 2/3, RHEL/Fedora fixes
  • fix custom package webhooks
  • add proper access check for integrations page

  • None task protection
  • apiv3 - pagure integration
  • manual byte-code compilation

  • fix tests under ppc64le
  • fix #320 copr frontend check: remove arch specific condition
  • drop initscripts Require
  • fix #322 frontend: scriptlet stderr pollution
  • contact_us column added into footer
  • graphs optimized
  • note contact info for GDPR data dump
  • remove logstash configuration from .spec

  • separate version of the copr-frontend-flavor provide
  • ignore errors on "condrestart" foreign services
  • rename user_info flavor template file to user_meta
  • GDPR compliance
  • drop 'passwd' dependency

This update has been submitted for testing by clime.

2 years ago

This update has obsoleted copr-frontend-1.136-1.fc27, and has inherited its bugs and notes.

2 years ago

hello @clime, This is the first release marked as a security release. Right now I can only identify commit https://pagure.io/copr/copr/c/713effa6c7e3a241ad0fd78e27cf0e8af23a6629?branch=master as a security fix. I do not understand the impact of this vulnerability. What exactly could an attacker do with a new webhook secret? Would this invalidate other webhook secrets? From which position could an attacker leverage this vulnerability? Are there other security fixes in this release?

Questions, questions....

This update has been pushed to testing.

2 years ago

This update has been obsoleted by copr-frontend-1.139-1.fc27.

2 years ago

Metadata
Type: security
Severity: high
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled
Dates
submitted: 2 years ago
in testing: 2 years ago