Safety vulnerability ID: 45820
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Cobbler 3.3.2 includes a fix for CVE-2022-0860: Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5
Latest version: 3.3.7
Network Boot and Update Server
This release addresses mainly security issues and bugfixes.
We have 156 files changed, 3288 insertions(+), 1642 deletions(-)
Milestone: <https://github.com/cobbler/cobbler/milestone/18>
Diff to last release: <https://github.com/cobbler/cobbler/compare/v3.3.1...v3.3.2>
**Announcements**:
- Important Security Bugfixes
- CVE-2022-0860: See [GH advisory](https://github.com/cobbler/cobbler/security/advisories/GHSA-mcg6-h362-cmq5)
**New**:
- `cobbler sync` doesn't have to be executed no more after `enable_ipxe` was flipped [2689](https://github.com/cobbler/cobbler/issues/2689) [#2944](https://github.com/cobbler/cobbler/pull/2944)
- Auth: Support for Global Secure Catalog via LDAP provider [2937](https://github.com/cobbler/cobbler/pull/2937)
**Breaking Changes**:
- None
**Changes**:
- Reposync now deletes old metadata to prevent metadata merge conflicts [2942](https://github.com/cobbler/cobbler/pull/2942)
- The automigration of the settings is now not enabled per default. [2881](https://github.com/cobbler/cobbler/issues/2881) [#2966](https://github.com/cobbler/cobbler/pull/2966)
- We removed `ppc` from RedHat EL 7 as it is not supported [2964](https://github.com/cobbler/cobbler/pull/2964)
**Bugfixes**:
- `Network interface is not subscriptable` errors were fixed [2856](https://github.com/cobbler/cobbler/issues/2856)
- The stacktraces related to the package and file pre & post triggers should no longer appear [2953](https://github.com/cobbler/cobbler/pull/2953)
- You should be able to add multiple initrds if needed again [2870](https://github.com/cobbler/cobbler/issues/2870) [#2931](https://github.com/cobbler/cobbler/pull/2931)
- Debian: Fix regex for `SHIM_FILE` which now provides a working reasonable default [2930](https://github.com/cobbler/cobbler/pull/2930)
**Other**:
- Internal Refactorings:
- Tech-Tebt in the DHCP ISC manager was cleaned up [2957](https://github.com/cobbler/cobbler/pull/2957)
- Switch from the collection manager to the `api.py` [2955](https://github.com/cobbler/cobbler/pull/2955)
- Docs
- `cobbler-settings` is now explained in the "Scripts" section [2966](https://github.com/cobbler/cobbler/pull/2966)
- Tests:
- Added basic tests for untested modules [2956](https://github.com/cobbler/cobbler/pull/2956)
- Python: Switch from XML-RPC to Python objects [2963](https://github.com/cobbler/cobbler/pull/2963)
- CI/container:
- Increase timout for DEB build [2954](https://github.com/cobbler/cobbler/pull/2954)
- CI: Add podman support [2934](https://github.com/cobbler/cobbler/pull/2934)
- Debian packages build on PRs again [2950](https://github.com/cobbler/cobbler/pull/2950)
- Debian package build errors were fixed [2948](https://github.com/cobbler/cobbler/pull/2948) [#2949](https://github.com/cobbler/cobbler/pull/2949)
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application