This update for the SUSE Manager Server 3.0 provides several fixes and improvements.
The following security issue has been fixed:
spacewalk-java:
- CVE-2017-7538: Do not allow HTML code injection via Cross Site Scripting (XSS) in the Organization Name. (bsc#1048968)
Additionally, the following non-security issues have been fixed:
salt-netapi-client:
- Fix date format for Schedule.
- Fix sending kwarg in payload in RunnerCall.
- Better error handling in Runner and Wheel calls.
- Increase the default SOCKET_TIMEOUT to 20 seconds
smdba:
- Do not set default_statistics_target. (bsc#1022286)
- Support postgresql96. (bsc#1045152)
- Prevent use of /var/lib/pgsql/data. (bsc#1024058)
- Remove copyright message every time shown.
- On systemd-enabled systems use it for start/stop PostgreSQL. (bsc#1024058)
spacewalk-backend:
- Increase rpclib timeout to 10 minutes. (bsc#1026930)
- Adapt for the new gpgcheck flag for the channels.
spacewalk-branding:
- Fix overlapping text narrow window. (bsc#1009118)
spacewalk-config:
- Resolve comps.xml file for repositories. (bsc#1048528)
spacewalk-java:
- Delete and create new ServerNetAddress if it already exists on Hardware refresh. (bsc#1054225)
- Fix enter key submit on ListTag filter input. (bsc#1048762)
- Create VirtpollerData object with JSON content instead null. (bsc#1049170)
- Prevent malformed XML if 'arch' is set to NULL. (bsc#1045575)
- Resolve comps.xml file for repositories. (bsc#1048528)
- Don't add default channel if AK is not valid. (bsc#1047656)
- Add 'Enable GPG check' function for channels.
- Regenerate pillar for the minions using the channel being modified.
- Remove executable bit from service files. (bsc#1051518)
- Fix wrong openscap xid. (bsc#1030898)
- Fix overlapping text narrow window. (bsc#1009118)
- Fix broken link. (bsc#1033999)
- Fix alignment on the org details. (bsc#1017513)
- Update channels.xml with OpenStack Cloud Continuous Delivery 6. (bsc#1039458)
- Handle possible wrong UUIDs on SLE...