Releases: FOGProject/fogproject
1.5.10.1634
Contributors
Assets 2
1.5.10.1629
What's Changed
- merge stable - 1.5.10.1622 into dev by @fog-workflows in #652
- Update snapintaskcomplete_slack.event.php to include snapin name by @geotsot in #653
- Stable Release PR For 1.5.10.1629 - 2024-11-15 by @fog-workflows in #658
Full Changelog: 1.5.10.1622...1.5.10.1629
Contributors
Assets 2
1.5.10.1622
What's Changed
- merge stable - 1.5.10.1615 into dev by @fog-workflows in #644
- Fix for accesscontol, site and windowskey plugins when using PHP 8 by @ynlamy in #647
- Stable Release PR For 1.5.10.1622 - 2024-10-15 by @fog-workflows in #651
New Contributors
Full Changelog: 1.5.10.1615...1.5.10.1622
Contributors
Assets 2
1.5.10.1615
What's Changed
- merge stable - 1.5.10.1593 into dev by @fog-workflows in #630
- Slack plugin fixes by @geotsot in #631
- Update functions.sh by @michaelbarkdoll in #638
- Add GPU information to host inventory and report (dev-branch) by @rluzuriaga in #640
- Stable Release PR For 1.5.10.1615 - 2024-09-15 by @fog-workflows in #643
New Contributors
- @geotsot made their first contribution in #631
- @michaelbarkdoll made their first contribution in #638
Full Changelog: 1.5.10.1593...1.5.10.1615
Contributors
Assets 2
1.5.10.1593
What's Changed
- update-branch by @darksidemilk in #615
- merge stable - 1.5.10.1566 into dev by @github-actions in #617
- Stable Release PR For 1.5.10.1584 - 2024-08-16 by @github-actions in #623
- merge stable - 1.5.10.1584 into dev by @github-actions in #624
- Stable Release PR For 1.5.10.1584 - 2024-08-16 by @fog-workflows in #626
- quick equality merge by @darksidemilk in #627
- Stable Release PR For 1.5.10.1593 - 2024-08-16 by @fog-workflows in #629
Full Changelog: 1.5.10.1566...1.5.10.1593
Contributors
Assets 2
1.5.10.1566
What's Changed
- Stable Release PR For 1.5.10.1566 - 2024-08-08 by @github-actions in #616
Full Changelog: 1.5.10.1565...1.5.10.1566
1.5.10.1565
1.5.10.1565
- fixed #607
- Translation updates
Adjusted patch/revision versioning to be based on commits since baseline code in master was tagged to 1.5.0.
Change count will be based on commits different vs master which will line up to commits since 1.5.0.
Minor changes to the release numbering should be expected as we work out a fully automated release schedule.
What's Changed
- Monthly Release PR - 2024-08-06 by @github-actions in #614
Full Changelog: 1.5.10.74...1.5.10.1565
1.5.10.74
Overview
Bug fixes for new versioning system and more work moving towards automated releases
What's Changed
- Monthly Release PR - 2024-08-05 by @github-actions in #609
- Update stable hooks by @darksidemilk in #611
- Release Pull by @darksidemilk in #612
New Contributors
- @github-actions made their first contribution in #609
Full Changelog: 1.5.10.48...1.5.10.74
Contributors
Assets 2
1.5.10.48
1.5.10.48
- Resolves #602 (couldn't install fresh)
- Note: Deleted 1.5.10.47 release and tag as it couldn't install. Moved security fixes to this release.
Security fixes
- Log Information Disclosure - CVE-2024-42349
- Leak of sensitive information (AD domain, username and password) - CVE-2024-42348
What's Changed
Full Changelog: 1.5.10.41...1.5.10.48
1.5.10.41
1.5.10.41
This is the initial release in the new ‘stable’ branch. Provided there aren't reports of issues from community testers, we plan to automate monthly releases from the ‘staging’ branch (dev-branch) into the stable branch. These releases will include security patches, bug fixes, and feature enhancements for the general FOG userbase at a faster pace that's more in line with things as they're developed. The first manual release ensures a secure installation path due to recent security issues that have been patched and are registered as CVEs, they are listed below.
See also https://forums.fogproject.org/category/25/security-advisories
Security fixes
- CVE-2024-39914 - Command injection in /fog/management/export.php?filename=
- CVE-2024-39916 - NFS server misconfiguration allows file access outside the exported directory
- CVE-2024-34477 - NFS share - Privilege Escalation
- CVE-2024-41108 - Sensitive Information Disclosure
- CVE-2024-40645 - Authenticated File Upload RCE
- CVE-2024-41954 - Weak file permissions
- CVE-2023-46237 - Path traversal via unauthenticated endpoint.
- CVE-2023-46236 - SSRF via unauthenticated endpoint(s).
- CVE-2023-46235 - Stored XSS on log screen via unsanitized request logging.
Note: All these security fixes also apply to the latest beta version available in the working-1.6 branch.
What's Changed
- FIX #567 ldap plugin with PHP 8 by @tomamplius in #570
- FIX : Failed to open stream : No such file or directory by @tomamplius in #569
- fix php8.2 error by @tomamplius in #573
- Dev branch - Fix spelling error (ilke to like) by @lukebarone in #580
- Update version number - BF by @lukebarone in #581
- Argument parsing loop rewrite & fix double dash arguments by @rluzuriaga in #585
- Add experimental kernel update, Initrd Update settings page, and ARM kernel version information by @rluzuriaga in #588
- refactor: quality of life menu order preview improvement by @alryaz in #579
Additional Info/Optional Changes
- If you use the new Experimental Kernel/Init update system to update to the latest kernel, the fos and ipxe system now respect the pass-thru mac when a USB ethernet adapter is used on a system with pass-thru mac aka mac emulation enabled in the bios/firmware settings. This makes for simpler workflows when imaging devices that have no built-in ethernet adapter but that do support mac address pass thru of their supported adapters.
New Contributors
- @tomamplius made their first contribution in #570
- @rluzuriaga made their first contribution in #585
- @alryaz made their first contribution in #579
Full Changelog: 1.5.10...1.5.10.41
