On Mon, Nov 1, 2021 at 11:06 AM Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote: > > Good Morning Everyone, > > This morning, I have cut a new release of pagure: 5.13.3 with the following > changelog: > - Warn users when a PR contains some characters > - srcfpo theme: Change "Packages" link to new packages website (Brendan Early) > - srcfpo theme: left-align the lines in description (Zbigniew Jędrzejewski-Szmek) > - fas user url updated for new accounts system (Mark O Brien) > - Change fas link from admin.fp.o to accounts.fp.o (Lenka Segura) > - Remove message about 60 day key length (Ken Dreyer) > - Escape $ to fix Jenkins interpolation warning (#5178) (Anatoli Babenia) > - Fix another invalid <img> width/height attribute (Anatoli Babenia) > - Fix missing space before src in <script> (Anatoli Babenia) > - Remove duplicate class attribute from Clone dropdown (Anatoli Babenia) > - Fix invalid <img> height (no px is allowed here) (Anatoli Babenia) > - Add Translation status link on repo_info page at src.fp.o (Sundeep Anand) > - Update fedmsg homepage (Rafael Fontenelle) > - Add support for noggin with the FAS auth backend > - Update collaborator access level descriptions (Michel Alexandre Salim) > - Fix a type, add missing work hand (Jan Kuparinen) > - Explicitly require setuptools, pagure/lib/git_auth.py imports pkg_resources (Miro Hrončok) > - Fix getting the tests to run on CentOS > - Fix Pagure's overview page verbatim error (ankitapareek) > > > It includes, amongst other, patches for CVE-2021-42574 and CVE-2021-42694 > More can be found about them at: > https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 > > I have already upgraded stg.pagure.io and src.stg.fp.o. > You can see the patch for the two CVE above working at: > https://stg.pagure.io/foo/pull-request/28 > > The link to the account system has been updated as shown in: > https://src.stg.fedoraproject.org/user/pingou > > > I would like to upgrade pagure in production as well. > > Thoughts? +1/-1? > Isn't freeze over now? +1 -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
