We’ve just built Euwe-3. This release contains a security fix, bug fixes, numerous UI tweaks, and stabilization. You can download the Euwe-3 release here
CVE-2017-2653 - A number of unused delete routes are present in CloudForms which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute. This issue was reported by Martin Povolny (Red Hat).
and here are just a few of the things added since Euwe-2 release
- Automate: Allow passing options when adding a disk in automate.
- Authentication: Ensure user name is set even when common LDAP attributes are missing.
- Red Hat Virtualization Manager: Resolve oVirt IP addresses
- Performance: Speed up widget generation
- Reporting: Support dots and slashes in virtual custom attributes
Here is the complete changelog: Euwe-3
For questions or support, join in on the talk page.