We’ve just built Darga-4.1 This release contains a security fix, bug fixes, numerous UI tweaks, and stabilization.

Security Fix(es): (CVE-2016-7040) In ManageIQ product there was found an improper input validation vulnerability in expression engine allowing to trigger code execution. The issue was found to be exploitable both via JSON API, which can be triggered by users authorized with GET/read access to a collection in API, and via UI when filtering on VMs based on regular expression, which can be triggered by users able to view and filter on VMs in UI. This issue was discovered by Adam Mariš (Red Hat).

Here is the changelog: Darga-4.1

Here is the complete summary of fixes in Darga-4.1: manageiq manageiq-appliance manageiq-appliance-build manageiq-ui-self_service

The GA announcement shows the summary of changes since Capablanca.

With this release we’re also introducing a Vagrant image so you can run ManageIQ in a Vagrant box. So, go ahead and download Darga-4.1. For questions or support, join in on the talk page.