Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions _includes/manuals/3.18/1.2_release_notes.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,25 @@ The ForemanModal component in Foreman core is now deprecated. If you are a plugi
#### PatternFly 3 select form field deprecated
The PatternFly 3 select form field component is deprecated. PatternFly 5 Select components are used instead.

### Release notes for 3.18.2
#### Foreman - Network
* Handling of bond and vlan interface names ([#39371](https://projects.theforeman.org/issues/39371))

#### Foreman - Packaging
* CVE-2026-33176: Active Support Denial of Service via large scientific notation strings ([#39190](https://projects.theforeman.org/issues/39190))
* Install libffi-devel to be able to build fiddle ([#39124](https://projects.theforeman.org/issues/39124))

#### Foreman - Security
* CVE-2026-5138: Information disclosure via improper validation of nested request parameters ([#39481](https://projects.theforeman.org/issues/39481))
* CVE-2026-5135: Unauthorized modification of host configurations via broken access control ([#39480](https://projects.theforeman.org/issues/39480))
* CVE-2026-5142: Cross-tenant private SSH key disclosure via taxonomy scoping bypass ([#39479](https://projects.theforeman.org/issues/39479))
* CVE-2026-5136: Privilege escalation via usergroup role assignment manipulation ([#39478](https://projects.theforeman.org/issues/39478))

#### Foreman - VM management
* VMware - Normalize firmware type in clone args ([#39310](https://projects.theforeman.org/issues/39310))

*A full list of changes in 3.18.2 is available via [Redmine](https://projects.theforeman.org/issues?set_filter=1&sort=id%3Adesc&status_id=closed&f[]=cf_12&op[cf_12]=%3D&v[cf_12][]=2061)*

### Release notes for {{page.version}}.1
#### Foreman - Internationalization
* Update locales for 3.18 ([#39071](https://projects.theforeman.org/issues/39071))
Expand Down Expand Up @@ -175,15 +194,19 @@ We'd like to thank the following people who contributed to the Foreman {{page.ve
Adam Lazik,
Adam Růžička,
Adrian Parreiras Horta,
Andrei Lakatos,
Archana Kumari,
Arvind Jangir,
Bernhard Suttner,
Chris Roberts,
Christian Paruzel,
Dirk Götz,
EnigmaXV,
Eric Helms,
Evgeni Golov,
Ewoud Kohl van Wijngaarden,
Francesco Di Nucci,
Gene Liverman,
Giovanni Formisano,
Houssam Sahli,
Ian Ballou,
Expand All @@ -194,25 +217,32 @@ Kenyon Ralph,
Konstantinos Familonidis,
Leos Stejskal,
Lucy Fu,
Lukas Hellebrandt,
Lukas Jezek,
Lukas Pramuk,
MarcWort,
Maria Agaphontzev,
Markus Reisner,
Matt Darcy,
Maximilian Kolb,
Nadja Heitmann,
Nakul Pathak,
Nofar Alfassi,
Odilon Sousa,
Oleh Fedorenko,
Ondřej Gajdušek,
Pablo Méndez Hernández,
Pat Riehecky,
Pavan Soma Shekar,
Peter Ondrejka,
Ryan,
Shimon Shtein,
Shubham Ganar,
Takashi Kajinami,
Thorben Denzer,
Tim Meusel,
Vijay Singh,
Zach Huntington-Meath,
Titani Labaj

As well as all users who helped test releases, report bugs and provide feedback on the project.
16 changes: 14 additions & 2 deletions _includes/manuals/3.19/1.2_release_notes.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,18 @@ Multiple form-related components have been deprecated in favor of PatternFly 5 a

Use the PatternFly 5 form components for new development. See the [PF3 to PF5 migration guide](https://github.com/theforeman/foreman/blob/develop/developer_docs/pf3-to-pf5-migration-guide.asciidoc) for details.

### Release Notes
### Release notes for 3.19.1
#### Foreman
* Pin Katello CI to KATELLO-4.21 on 3.19-stable ([#39483](https://projects.theforeman.org/issues/39483))

#### Foreman - Security
* CVE-2026-5138: Information disclosure via improper validation of nested request parameters ([#39481](https://projects.theforeman.org/issues/39481))
* CVE-2026-5135: Unauthorized modification of host configurations via broken access control ([#39480](https://projects.theforeman.org/issues/39480))
* CVE-2026-5142: Cross-tenant private SSH key disclosure via taxonomy scoping bypass ([#39479](https://projects.theforeman.org/issues/39479))
* CVE-2026-5136: Privilege escalation via usergroup role assignment manipulation ([#39478](https://projects.theforeman.org/issues/39478))

*A full list of changes in 3.19.1 is available via [Redmine](https://projects.theforeman.org/issues?set_filter=1&sort=id%3Adesc&status_id=closed&f[]=cf_12&op[cf_12]=%3D&v[cf_12][]=2089)*

### Release notes for 3.19.0
#### Foreman
* ConfigReport.summarise executes N+1 queries when loading host report metrics ([#39382](https://projects.theforeman.org/issues/39382))
Expand Down Expand Up @@ -227,6 +238,7 @@ Leos Stejskal,
Lucy Fu,
Lukas Hellebrandt,
Lukas Jezek,
Lukas Pramuk,
Lukáš Ježek,
Marek Hulán,
Maria Agaphontzev,
Expand All @@ -250,6 +262,6 @@ Zach Huntington-Meath,
Zachary Huntington-Meath,
andreilakatos,
rvasikarla,
tlabaj
Titani Labaj

As well as all users who helped test releases, report bugs and provide feedback on the project.