Pulp 2.8.2 has been published to the stable repositories:



Pulp 2.8.2 addresses a security vulnerability that was found after the

announcement of the 2.8.1 release candidate. More information about this

vulnerability, including upgrade instructions, can be found at

the following address:


Satellite users are unaffected by this vulnerability:


(It’s currently in the reserved state, but should be opened up shortly.)

From the access.redhat.com CVE page:

“This issue did not affect the versions of pulp as shipped with Red Hat

Satellite 6.x and Red Hat Update Infrastructure 2.x as they did not include

support for pulp-gen-ca-certificate.”


This was discovered after the 2.8.1 release candidate was published, so

the fastest way for us to get this out the door was a rapid-fire hotfix

release. This is a unique situation; two releases of the same pulp minor

version in two days is exceptional and should not become the norm.</pre>