This update for couchdb fixes the following security issues:
CVE-2018-8007: Apache CouchDB administrative users can configure the database
server via HTTP(S). Due to insufficient validation of administrator-supplied
configuration settings via the HTTP API, it was possible for a CouchDB
administrator user to escalate their privileges to that of the operating
system's user that CouchDB runs under, by bypassing the blacklist of
configuration settings that are not allowed to be modified via the HTTP API
(bsc#1100973)