[arvados] updated: 2.4.2-4-g5412a019a

git repository hosting git at public.arvados.org
Mon Aug 8 16:51:51 UTC 2022


Summary of changes:
 doc/admin/upgrading.html.textile.liquid | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

       via  5412a019a3f0c1cb2bff3b344f63e9a48a911026 (commit)
      from  0999158f0ba004858cbaada4d3daf8fbd34e95e1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 5412a019a3f0c1cb2bff3b344f63e9a48a911026
Author: Peter Amstutz <peter.amstutz at curii.com>
Date:   Mon Aug 8 12:51:34 2022 -0400

    Fix 2.4.2 upgrade notes formatting refs #19330
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>

diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 0f473a9e5..1eedb3000 100644
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -34,33 +34,21 @@ h2(#v2_4_2). v2.4.2 (2022-08-09)
 
 h3. GHSL-2022-063
 
-GitHub Security Lab (GHSL) reported a remote code execution (RCE)
-vulnerability in the Arvados Workbench that allows authenticated attackers
-to execute arbitrary code via specially crafted JSON payloads.
+GitHub Security Lab (GHSL) reported a remote code execution (RCE) vulnerability in the Arvados Workbench that allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads.
 
 This vulnerability is fixed in 2.4.2 ("#19316":https://dev.arvados.org/issues/19316).
 
 It is likely that this vulnerability exists in all versions of Arvados up to 2.4.1.
 
-This vulnerability is specific to the Ruby on Rails Workbench
-application ("Workbench 1").  We do not believe any other Arvados
-components, including the TypesScript browser-based Workbench
-application ("Workbench 2") or API Server, are vulnerable to this
-attack.
+This vulnerability is specific to the Ruby on Rails Workbench application ("Workbench 1").  We do not believe any other Arvados components, including the TypesScript browser-based Workbench application ("Workbench 2") or API Server, are vulnerable to this attack.
 
 h3. CVE-2022-31163 and CVE-2022-32224
 
-As a precaution, Arvados 2.4.2 has includes security updates for Ruby
-on Rails and the TZInfo Ruby gem.  However, there are no known
-exploits in Arvados based on these CVEs.
+As a precaution, Arvados 2.4.2 has includes security updates for Ruby on Rails and the TZInfo Ruby gem.  However, there are no known exploits in Arvados based on these CVEs.
 
 h3. Disable Sharing URLs UI
 
-There is now a configuration option @Workbench.DisableSharingURLsUI@
-for admins to disable the user interface for "sharing link" feature
-(URLs which can be sent to users to access the data in a specific
-collection in Arvados without an Arvados account), for organizations
-where sharing links violate their data sharing policy.
+There is now a configuration option @Workbench.DisableSharingURLsUI@ for admins to disable the user interface for "sharing link" feature (URLs which can be sent to users to access the data in a specific collection in Arvados without an Arvados account), for organizations where sharing links violate their data sharing policy.
 
 h2(#v2_4_1). v2.4.1 (2022-06-02)
 
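Review bot: Two typos are carried over unchanged into the reflowed lines and should be fixed while those lines are being rewritten: "has includes security updates" in the CVE-2022-31163 and CVE-2022-32224 paragraph (should read "includes security updates") and "TypesScript" in the last GHSL-2022-063 paragraph (should read "TypeScript"). The Disable Sharing URLs UI paragraph is also missing an article ("for the "sharing link" feature"). Because it describes @Workbench.DisableSharingURLsUI@ as disabling only the user interface, it should also state whether sharing links that already exist keep working once the option is set, since admins enabling it for policy reasons need to know if further cleanup is required.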

-----------------------------------------------------------------------


hooks/post-receive