We’ve just built Darga-3. This release contains bug fixes, numerous UI tweaks, and stabilization.

Security Fix(es):

  • It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms. (CVE-2016-5383)

This issue was discovered by Eric Hayes (Red Hat).

and here is the complete summary of fixes in darga-3: manageiq manageiq-appliance manageiq-appliance-build manageiq-ui-self_service

The GA announcement remains the best summary of changes since Capablanca.

So, go ahead and download Darga-3. For questions or support, join in on the talk page.