File _patchinfo of Package patchinfo.31871
<patchinfo incident="31871"> <issue tracker="bnc" id="1207930">L3-Question: hawk2's generate-ssl-cert should not replace existing key</issue> <issue tracker="bnc" id="1206217">[Build 58.1] openQA test fails in hawk_gui</issue> <issue tracker="bnc" id="1216508">VUL-1: HAWK: insecure cookie configuration</issue> <issue tracker="bnc" id="1208533">Hawk2 backend error: /usr/lib64/ruby/2.5.0/rubygems/specification.rb:2327:in `raise_if_conflicts': Unable to activate sass-rails-5.1.0, because railties-5.1.4 conflicts with railties (>= 5.2.0) (Gem::ConflictError)</issue> <issue tracker="bnc" id="1216571">VUL-1: HAWK: Improve CSRF protection</issue> <issue tracker="bnc" id="1215438">Error : "Upload must have correct MIME type (was application/octet-stream)" while uploading output of crm report to HAWK2 via Windos OS</issue> <issue tracker="bnc" id="1215976">Hawk fails to build in Factory</issue> <issue tracker="bnc" id="1213454">L3-Question: How can I disable CORS configuration or set a static origin which allows including credentials (cookies) in cross origin requests for pacemaker HAWK Web service?</issue> <packager>aburlakov</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for hawk2</summary> <description>This update for hawk2 fixes the following issues: - Fixed HttpOnly secure flag by default (bsc#1216508). - Fixed CSRF in errors_controller.rb protection (bsc#1216571). Update to version 2.6.4+git.1702030539.5fb7d91b: - Fix mime type issue in MS windows (bsc#1215438) - Parametrize CORS Access-Control-Allow-Origin header (bsc#1213454) - Tests: upgrate tests for ruby3.2 (tumbleweed) (bsc#1215976) - Upgrade for ruby3.2 (tumbleweed) (bsc#1215976) - Forbid special symbols in the category (bsc#1206217) - Fix the sass-rails version on ~5.0 (bsc#1208533) - Don't delete the private key if the public key is missing (bsc#1207930) - make-sle155-compatible.patch . No bsc, it's for backwards compatibility. </description> </patchinfo>
