Comment: Migrated to Confluence 4.0

...

Excerpt

This bugfix release addresses FCREPO-798, a “Denial of Service” (DOS) vulnerability affecting all prior versions of Fedora 2.x and 3.x, and FCREPO-790, a bug that could lead to the operating system running out of file handles.

...

Unfortunately, Fedora 2 repositories remain vulnerable; a patch to Fedora 2, whose code base was declared at “end-of-life” two years ago, has proven beyond our resources at this time. Because of this, we will not be providing details about potential exploits in the near term. Fedora 2 installations are still of great concern to the Fedora committers, since we know there are many installations in our community that may not be in a position to update to the latest Fedora release. We are seeking resources or volunteers to fix Fedora 2 but, at this time, we are not able to commit to a timeline for this work.

...

  • Restrict access to Field Search, including for front-end applications that pass unmodified query parameter text directly from users
  • Restrict access from anonymous users for:
    • API-A Lite “get” operations
    • REST API “get” operations
    • REST API “findObjects” operations
  • Restrict ingest of new digital objects from untrusted users

...