Version 1.2.9 of Cobbler
Release Notes: This release fixes a potential privilege escalation where a user who has been granted access to CobblerWeb can edit a kickstart template through the Web interface (which is a feature of Cobbler Web) and have cobblerd execute Python code on the cobbler server on his behalf as root. The fix in question limits the Python modules that a template can import to "time" and "random" via an explicit whitelist. A user with access to Cobbler Web can already install arbitrary software on other machines that Cobbler controls, though it may not be assumed he has root access on the Cobbler server.
Other releases
Release Notes: This update brings massive performance enhancements, so Cobbler can now easily handle managing data centers in the 10,000+ system range. In addition, this release adds a S390 mainframe PXE simulator, new email notification triggers, and the ability to keep the provisioning configuration under version control.
No changes have been submitted for this release.
Release Notes: Fixes to power management templates, removal of Python 2.6 deprecation warnings, template file fixes, and various other items.
Release Notes: This release has numerous fixes (including syntax fixes to the default installation templates with regard to automated networking setup), and also adds batch editing capability to the systems page of the cobbler Web application.
Release Notes: Numerous install server upgrades. Includes integrated power management options, improved cross-distribution support, PPC and s390 capabilities, physical and virtual image support, and numerous other features.
