-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The Apache VCL project has released version 2.5.2. This is a bug fix release to address 2 vulnerabilities. The CVE numbers for the vulnerabilities are
CVE-2024-53678 CVE-2024-53679 Both are related to improper validation of submitted form data. Information about the CVEs can be found on our security page[1]. Information on downloading and installing 2.5.2 can be found on our download page: http://vcl.apache.org/downloads/download.html Release notes can be found here: http://vcl.apache.org/docs/releasenotes.html A change log for these releases can be found here: http://vcl.apache.org/docs/changelog.html Installation and upgrade scripts are included in the release. There are web instructions on manually doing installs and upgrades linked to from the download page. Apache VCL is a self-service system used to dynamically provision and broker remote access to a dedicated compute environment for an end-user. The provisioned computers are typically housed in a data center and may be physical blade servers, traditional rack mounted servers, or virtual machines. VCL can also broker access to standalone machines such as a lab computers on a university campus. One of the primary goals of VCL is to deliver a dedicated compute environment to a user for a limited time through a web interface. This compute environment can range from something as simple as a virtual machine running productivity software to a machine room blade running high end software (i.e. a CAD, GIS, statistical package or an Enterprise level application) to a cluster of interconnected physical (bare metal) compute nodes. Using the scheduling API, VCL can be used to automate the provisioning of servers in a server farm or HPC cluster. [1] https://vcl.apache.org/security.html Josh Thompson Apache VCL release manager -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEI0cOQm0VAdkhDARZSNnzl+fhyFkFAmfhlBsACgkQSNnzl+fh yFlr0xAAhk1CYdkc9GMgDfb39YGU2jLyNgqonHg2TqmF6uNk9iH6yq+sa3coAk+l 9TzEFcWXpA9XLQJFrdPpI6A2IlrDgXV92RJnI0peMfGIlvdhtSUxBg6l9TePa0qQ vXeJHMB74DAqOj+pFk/z1WVwCnIjbS7shQyA/6ufh33mG4xQCHrq7PGppO3bvGYS r4Tcz+SkFVmNI6EU5iDtSJyXpPOangkV7ia+Hdgy1xAuFIYrGJBY7ScIRrNk38e6 Q9hwx+0xNQMCSxVYlFAHNXhQ+vgtvxCz0al+x/F0qJhPRNf9rBLtcktKS8BJWjJC S6x3TU+MZSuByHdlUCV3vGC3FyC6GkWiVAmbexVJrUJVJzMr7HFgmi/Ijq3LBZxh e1D6I18u9eRE+DMaUKFyMja2S5z/w3plIeQuXI3UW+vvH9XkeFWwc7WO3uEj72Of 59bDt3ZnwasXyxNYgX8pORwhPzIwg0UbTMbTr0YMHOZEzCxO+kXMtmUeWdlzEU6K HETTswQ9nnLk6+EtVU2Ln8KGYugP1xIhKyPBvKkYcwjOv+jcIyJqRCNHriSNsEQE IOABYWDG3es0BXmTO+Zqm/zeXskMsQ3Kwya+oSfFMyRrjiFr5lecHjmZnWs06OFq TfigtpfbLLSDxL9i+XqsxvchSLBfcIjrjgWM+xIf+0JJepwpO5A= =2Zru -----END PGP SIGNATURE-----
