Foreman 3.11.2 (https://da.gd/tfm-3112) and Foreman 3.10.1 (https://da.gd/tfm-3101) have been released!

Both releases fix two remotely exploitable authentication bypass vulnerabilities: CVE-2024-7923 (https://theforeman.org/security.html#2024-7923, affects all Katello users) and CVE-2024-7012 (https://theforeman.org/security.html#2024-7012, affects users of external authentication).

Foreman 3.11.2 is now available

Version 3.11.2 is now available with two critical security fixes. CVE-2024-7923 affects all Katello users, while CVE-2024-7012 affects users of external authentication. For both, it is critical to rerun the installer. The release also includes a number of bugfixes.

Installation quick start
Upgrade instructions
Release notes

Packages may be found in the 3.11 directories on both deb.theforeman.org and yum.theforeman.org, and tarballs are on downloads.theforeman.org. The GPG key used for signing RPMs and t...

TheForeman