--- cdrom.image/sme9/README.txt 2015/06/25 14:30:43 1.15 +++ cdrom.image/sme9/README.txt 2015/09/30 16:08:53 1.16 @@ -1,12 +1,11 @@ -Koozali SME Server 9.1 Beta 2 Release Announcement +Koozali SME Server 9.1 Beta 3 Release Announcement -Koozali SME Server 9.1 Beta 2 Release Notes +Koozali SME Server 9.1 Beta 3 Release Notes =========================================== - -25th June 2015 +30th Sept 2015 The Koozali SME Server (SME Server) development team is pleased to announce -the release of SME Server 9.1 Beta 2 which is based on CentOS 6.6. +the release of SME Server 9.1 Beta 3 which is based on CentOS 6.7. Bug reports and reports of potential bugs should be raised in the bug tracker (and only there, please); @@ -15,18 +14,15 @@ tracker (and only there, please); Download ======== - -You can download SME Server 9.1 Beta 2 from -http://mirror.contribs.org/smeserver/releases/testing/9.1.beta2/ +You can download SME Server 9.1 Beta 3 from +http://mirror.contribs.org/smeserver/releases/testing/9.1.beta3/ or for other methods see http://wiki.contribs.org/SME_Server:Download Please note it may take up to 48 hours for mirrors to finish syncing, during this time you may experience problems. - About SME Server ================ - SME Server is the leading Linux distribution for small and medium enterprises. SME Server is brought to you by Koozali Foundation, Inc., a non-profit corporation that exists to provide marketing and legal support @@ -54,10 +50,8 @@ Please visit http://wiki.contribs.org/Do Koozali Inc is happy to supply an invoice for any donations received, simply email treasurer@koozali.org - Notes ===== - In-place upgrades are not supported. It is necessary to backup and then restore. /boot partition is always RAID 1. The spare handling for RAID arrays is not implemented. @@ -65,6 +59,12 @@ The spare handling for RAID arrays is no USB installs are now supported, see: http://wiki.contribs.org/Install_From_USB#SME_Server_9 +Major changes in this release +============================= +Added functionality to use a Dummy NIC for the internal interface +Set the check update frequency of smecontribs through the server-manager +Disable SSLv3 +Added Windows 10 support for SME Domain Changes in this release ======================= @@ -75,7 +75,6 @@ autogenerated from the changelogs. Packages altered by Centos, Redhat, and Fedora-associated developers are not included. - Backups ------- - dar new upstream version @@ -86,7 +85,6 @@ Backups - The nfs service is neither started or allowed to start - Don't remove the apache group during restore - LDAP ---- - Remove size limit for search result @@ -103,6 +101,8 @@ LDAP Localisation ------------ + - apply locale smeserver-locale-2.4.0-locale-2015-07-12.patch + - apply locale smeserver-locale-2.4.0-locale-2015-07-01.patch - apply locale 2015-03-14 patch from pootle - apply locale 2014-12-25 patch from pootle @@ -130,6 +130,33 @@ Mail Server Server manager -------------- + - fix gzfile accept paths with NUL character #1213407 + - fix patch for CVE-2015-4024 + - fix more functions accept paths with NUL character #1213407 + - soap: missing fix for #1222538 and #1204868 + - core: fix multipart/form-data request can use excessive + amount of CPU usage CVE-2015-4024 + - fix various functions accept paths with NUL character + CVE-2015-4026, #1213407 + - ftp: fix integer overflow leading to heap overflow when + reading FTP file listing CVE-2015-4022 + - phar: fix buffer over-read in metadata parsing CVE-2015-2783 + - phar: invalid pointer free() in phar_tar_process_metadata() + CVE-2015-3307 + - phar: fix buffer overflow in phar_set_inode() CVE-2015-3329 + - phar: fix memory corruption in phar_parse_tarfile caused by + empty entry file name CVE-2015-4021 + - soap: more fix type confusion through unserialize #1222538 + - soap: more fix type confusion through unserialize #1204868 + - core: fix double in zend_ts_hash_graceful_destroy CVE-2014-9425 + - core: fix use-after-free in unserialize CVE-2015-2787 + - exif: fix free on unitialized pointer CVE-2015-0232 + - gd: fix buffer read overflow in gd_gif.c CVE-2014-9709 + - date: fix use after free vulnerability in unserialize CVE-2015-0273 + - enchant: fix heap buffer overflow in enchant_broker_request_dict + CVE-2014-9705 + - phar: use after free in phar_object.c CVE-2015-2301 + - soap: fix type confusion through unserialize - fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 - xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 - core: fix integer overflow in unserialize() CVE-2014-3669 @@ -183,11 +210,15 @@ Web Server Other fixes and updates ----------------------- + - Added new createlinks function event_templates event_actions event_services + - Don't claim to own /sbin and /sbin/e-smith + - display variable name in the server-manager $domainName, $domainDesc $domain + - Revert the upload_tmp_folder patch as it needs some more work - Add dummy NIC support as InternalInterface - Only fire the ip-change event when IP is assigned to WAN nic - (Code by Charlie Brady and John Crisp) + (Code by Charlie Brady and John Crisp) - Only reset service access when switching to or from private server mode - (Code by Charlie Brady) + (Code by Charlie Brady) - When quiting the console app with unsaved changes set the default selected answer to NO - Added a comment to specify the real configuration file of dhcpd @@ -254,12 +285,9 @@ Other fixes and updates - Added a check-update for the smecontribs repository - Move protected package list to the correct location - General features ================ - -- Based on CentOS 6.6 and all available updates - +- Based on CentOS 6.7 and all available updates Terry Fage On behalf of the SME Server development team