On Mon, Dec 18, 2017 at 06:10:29PM +0100, Michael Adam wrote:
>
> Heketi v5.0.1 is now available.
Packages for the CentOS Storage SIG are now becomnig available in the
testing repository. Packages can be obtained (soon) with the following
steps:
# yum --enablerepo=centos-gluster*-test update
Heketi v5.0.1 is now available.
This release[1] fixes a flaw that was found in heketi API that
permits issuing of OS commands through specially crafted
requests, possibly leading to escalation of privileges. More
details can be obtained at CVE-2017-15103. [2]
If authentication is turned "on"