We've just built Darga-3. This release contains bug fixes, numerous UI tweaks, and stabilization.
- It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms. (CVE-2016-5383)
This issue was discovered by Eric Hayes (Red Hat).
The GA announcement remains the best summary of changes since Capablanca.
This is a companion discussion topic for the original entry at http://manageiq.org/blog/2016/08/Announcing-Darga-3/