diff --git a/_includes/manuals/3.18/1.2_release_notes.md b/_includes/manuals/3.18/1.2_release_notes.md index e080f6fa2a..9bafeb17e9 100644 --- a/_includes/manuals/3.18/1.2_release_notes.md +++ b/_includes/manuals/3.18/1.2_release_notes.md @@ -26,6 +26,25 @@ The ForemanModal component in Foreman core is now deprecated. If you are a plugi #### PatternFly 3 select form field deprecated The PatternFly 3 select form field component is deprecated. PatternFly 5 Select components are used instead. +### Release notes for 3.18.2 +#### Foreman - Network +* Handling of bond and vlan interface names ([#39371](https://projects.theforeman.org/issues/39371)) + +#### Foreman - Packaging +* CVE-2026-33176: Active Support Denial of Service via large scientific notation strings ([#39190](https://projects.theforeman.org/issues/39190)) +* Install libffi-devel to be able to build fiddle ([#39124](https://projects.theforeman.org/issues/39124)) + +#### Foreman - Security +* CVE-2026-5138: Information disclosure via improper validation of nested request parameters ([#39481](https://projects.theforeman.org/issues/39481)) +* CVE-2026-5135: Unauthorized modification of host configurations via broken access control ([#39480](https://projects.theforeman.org/issues/39480)) +* CVE-2026-5142: Cross-tenant private SSH key disclosure via taxonomy scoping bypass ([#39479](https://projects.theforeman.org/issues/39479)) +* CVE-2026-5136: Privilege escalation via usergroup role assignment manipulation ([#39478](https://projects.theforeman.org/issues/39478)) + +#### Foreman - VM management +* VMware - Normalize firmware type in clone args ([#39310](https://projects.theforeman.org/issues/39310)) + +*A full list of changes in 3.18.2 is available via [Redmine](https://projects.theforeman.org/issues?set_filter=1&sort=id%3Adesc&status_id=closed&f[]=cf_12&op[cf_12]=%3D&v[cf_12][]=2061)* + ### Release notes for {{page.version}}.1 #### Foreman - Internationalization * Update locales for 3.18 ([#39071](https://projects.theforeman.org/issues/39071)) @@ -175,15 +194,19 @@ We'd like to thank the following people who contributed to the Foreman {{page.ve Adam Lazik, Adam Růžička, Adrian Parreiras Horta, +Andrei Lakatos, Archana Kumari, Arvind Jangir, Bernhard Suttner, Chris Roberts, +Christian Paruzel, +Dirk Götz, EnigmaXV, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Francesco Di Nucci, +Gene Liverman, Giovanni Formisano, Houssam Sahli, Ian Ballou, @@ -194,25 +217,32 @@ Kenyon Ralph, Konstantinos Familonidis, Leos Stejskal, Lucy Fu, +Lukas Hellebrandt, Lukas Jezek, +Lukas Pramuk, MarcWort, Maria Agaphontzev, Markus Reisner, +Matt Darcy, Maximilian Kolb, Nadja Heitmann, Nakul Pathak, Nofar Alfassi, +Odilon Sousa, Oleh Fedorenko, Ondřej Gajdušek, Pablo Méndez Hernández, Pat Riehecky, +Pavan Soma Shekar, Peter Ondrejka, Ryan, Shimon Shtein, +Shubham Ganar, Takashi Kajinami, Thorben Denzer, Tim Meusel, Vijay Singh, +Zach Huntington-Meath, Titani Labaj As well as all users who helped test releases, report bugs and provide feedback on the project. diff --git a/_includes/manuals/3.19/1.2_release_notes.md b/_includes/manuals/3.19/1.2_release_notes.md index b52753197b..779063a94f 100644 --- a/_includes/manuals/3.19/1.2_release_notes.md +++ b/_includes/manuals/3.19/1.2_release_notes.md @@ -59,7 +59,18 @@ Multiple form-related components have been deprecated in favor of PatternFly 5 a Use the PatternFly 5 form components for new development. See the [PF3 to PF5 migration guide](https://github.com/theforeman/foreman/blob/develop/developer_docs/pf3-to-pf5-migration-guide.asciidoc) for details. -### Release Notes +### Release notes for 3.19.1 +#### Foreman +* Pin Katello CI to KATELLO-4.21 on 3.19-stable ([#39483](https://projects.theforeman.org/issues/39483)) + +#### Foreman - Security +* CVE-2026-5138: Information disclosure via improper validation of nested request parameters ([#39481](https://projects.theforeman.org/issues/39481)) +* CVE-2026-5135: Unauthorized modification of host configurations via broken access control ([#39480](https://projects.theforeman.org/issues/39480)) +* CVE-2026-5142: Cross-tenant private SSH key disclosure via taxonomy scoping bypass ([#39479](https://projects.theforeman.org/issues/39479)) +* CVE-2026-5136: Privilege escalation via usergroup role assignment manipulation ([#39478](https://projects.theforeman.org/issues/39478)) + +*A full list of changes in 3.19.1 is available via [Redmine](https://projects.theforeman.org/issues?set_filter=1&sort=id%3Adesc&status_id=closed&f[]=cf_12&op[cf_12]=%3D&v[cf_12][]=2089)* + ### Release notes for 3.19.0 #### Foreman * ConfigReport.summarise executes N+1 queries when loading host report metrics ([#39382](https://projects.theforeman.org/issues/39382)) @@ -227,6 +238,7 @@ Leos Stejskal, Lucy Fu, Lukas Hellebrandt, Lukas Jezek, +Lukas Pramuk, Lukáš Ježek, Marek Hulán, Maria Agaphontzev, @@ -250,6 +262,6 @@ Zach Huntington-Meath, Zachary Huntington-Meath, andreilakatos, rvasikarla, -tlabaj +Titani Labaj As well as all users who helped test releases, report bugs and provide feedback on the project.