On Mon, Nov 01, 2021 at 11:07:26AM -0400, Neal Gompa wrote: > On Mon, Nov 1, 2021 at 11:06 AM Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote: > > > > Good Morning Everyone, > > > > This morning, I have cut a new release of pagure: 5.13.3 with the following > > changelog: > > - Warn users when a PR contains some characters > > - srcfpo theme: Change "Packages" link to new packages website (Brendan Early) > > - srcfpo theme: left-align the lines in description (Zbigniew Jędrzejewski-Szmek) > > - fas user url updated for new accounts system (Mark O Brien) > > - Change fas link from admin.fp.o to accounts.fp.o (Lenka Segura) > > - Remove message about 60 day key length (Ken Dreyer) > > - Escape $ to fix Jenkins interpolation warning (#5178) (Anatoli Babenia) > > - Fix another invalid <img> width/height attribute (Anatoli Babenia) > > - Fix missing space before src in <script> (Anatoli Babenia) > > - Remove duplicate class attribute from Clone dropdown (Anatoli Babenia) > > - Fix invalid <img> height (no px is allowed here) (Anatoli Babenia) > > - Add Translation status link on repo_info page at src.fp.o (Sundeep Anand) > > - Update fedmsg homepage (Rafael Fontenelle) > > - Add support for noggin with the FAS auth backend > > - Update collaborator access level descriptions (Michel Alexandre Salim) > > - Fix a type, add missing work hand (Jan Kuparinen) > > - Explicitly require setuptools, pagure/lib/git_auth.py imports pkg_resources (Miro Hrončok) > > - Fix getting the tests to run on CentOS > > - Fix Pagure's overview page verbatim error (ankitapareek) > > > > > > It includes, amongst other, patches for CVE-2021-42574 and CVE-2021-42694 > > More can be found about them at: > > https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 > > > > I have already upgraded stg.pagure.io and src.stg.fp.o. > > You can see the patch for the two CVE above working at: > > https://stg.pagure.io/foo/pull-request/28 > > > > The link to the account system has been updated as shown in: > > https://src.stg.fedoraproject.org/user/pingou > > > > > > I would like to upgrade pagure in production as well. > > > > Thoughts? +1/-1? > > > > Isn't freeze over now? The day after the release, so I guess it'll warm up on Wednesday ;-) Pierre _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure