diff --git a/_service b/_service
index a946cd2..76ee620 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="changesgenerate">enable</param>
     <param name="filename">suse-module-tools</param>
-    <param name="version">15.1.0</param>
+    <param name="version">15.1.10</param>
     <param name="revision">master</param>
     <param name="exclude">*.spec</param>
     <param name="exclude">*.rpmlintrc</param>
diff --git a/_servicedata b/_servicedata
index a81ab34..550ca3b 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/openSUSE/suse-module-tools.git</param>
-              <param name="changesrevision">6b07b8840b0e26b7f4fcaf5c5ddf17f6a3b97810</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">b28b13d83209ebdbbb30fe3881462ff86bc46428</param></service></servicedata>
\ No newline at end of file
diff --git a/suse-module-tools-15.1.0.tar.xz b/suse-module-tools-15.1.0.tar.xz
deleted file mode 100644
index b55aab4..0000000
--- a/suse-module-tools-15.1.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:87bc4b41e92a4219d4042d9003a86ae46fe87f77dddb0735e1cab0a5080b579b
-size 25976
diff --git a/suse-module-tools-15.1.10.tar.xz b/suse-module-tools-15.1.10.tar.xz
new file mode 100644
index 0000000..de67ac5
--- /dev/null
+++ b/suse-module-tools-15.1.10.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a71a58c37e8327292233bf6846af4c3b6d245b7c02f869fb282aba221bfec680
+size 25984
diff --git a/suse-module-tools.changes b/suse-module-tools.changes
index 1a3ffff..2d0a147 100644
--- a/suse-module-tools.changes
+++ b/suse-module-tools.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Feb 08 10:44:56 UTC 2019 - mwilck@suse.com
+
+- Update to version 15.1.10 (git b28b13d):
+- implemented fs blacklisting logic (jsc#SLES-4085, fate#326832)
+
 -------------------------------------------------------------------
 Thu Jan 31 23:07:10 UTC 2019 - mwilck@suse.com
 
diff --git a/suse-module-tools.spec b/suse-module-tools.spec
index 6f97ea8..621e884 100644
--- a/suse-module-tools.spec
+++ b/suse-module-tools.spec
@@ -16,8 +16,16 @@
 #
 
 
+# List of legacy file systems to be blacklisted by default
+%if 0%{?is_opensuse}
+%global fs_blacklist adfs affs bfs befs cramfs efs erofs exofs freevxfs f2fs hfs hpfs jffs2 jfs minix nilfs2 ntfs omfs qnx4 qnx6 sysv ubifs ufs
+%else
+# SLE only ships a few of them
+%global fs_blacklist cramfs ufs
+%endif
+
 Name:           suse-module-tools
-Version:        15.1.0
+Version:        15.1.10
 Release:        0
 Summary:        Configuration for module loading and SUSE-specific utilities for KMPs
 License:        GPL-2.0-or-later
@@ -112,6 +120,25 @@ install -pm 644 sg.conf "%{buildroot}%{_sysconfdir}/modules-load.d"
 
 mkdir -p %{buildroot}%{_defaultlicensedir}
 
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100
+for mod in %{fs_blacklist}; do
+    echo "\
+# The $mod file system is blacklisted by default because it isn't actively
+# supported by SUSE, not well maintained, and may have security vulnerabilites.
+# To enable autoloading the $mod file system module, comment out the
+# \"blacklist $mod\" statement below. ENABLE AT YOUR OWN RISK.
+#
+# File system modules loaded at installation time of the %{name} package
+# are not blacklisted. This is achieved by commenting out the blacklist
+# line in the post-installation script. To prevent the post-installation
+# script from modifying this file, delete the line containing \"THIS FILE MAY
+# BE MODIFIED\" at the bottom.
+blacklist $mod
+# __THIS FILE MAY BE MODIFIED__" \
+	>%{buildroot}%{_sysconfdir}/modprobe.d/60-blacklist_fs-"$mod".conf
+done
+%endif
+
 %post
 %if 0%{?sle_version} >= 150000
 # Delete obsolete unsupported-modules file from SLE11
@@ -180,6 +207,26 @@ if test -e %{_sysconfdir}/modprobe.conf.local; then
 		%{_sysconfdir}/modprobe.d/99-local.conf
 fi
 
+# Avoid systems becoming unbootable by blacklisting filesystem
+# modules. Modules loaded at installation time will not be
+# blacklisted (the blacklist statement is commented out).
+# config(noreplace) makes sure that this is not overwritten by rpm.
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100
+for mod in %{fs_blacklist}; do
+	conf=%{_sysconfdir}/modprobe.d/60-blacklist_fs-"$mod".conf
+	if [ -f "$conf" ] && \
+	    grep -q '^# __THIS FILE MAY BE MODIFIED__$' "$conf" && \
+            sed '/^nodev/d;' /proc/filesystems | grep -q "\<$mod\>"; then
+		sed -i '
+/^# next line was commented out by postinstall script of %{name}$/d
+/^blacklist '"$mod"'/{i\
+# next line was commented out by postinstall script of %{name}
+s/^/# /
+}' "$conf"
+	fi
+done
+%endif
+
 %files
 %defattr(-,root,root)
 
@@ -193,6 +240,7 @@ fi
 %config(noreplace) %{_sysconfdir}/modprobe.d/10-unsupported-modules.conf
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150100
 %config(noreplace) %{_sysconfdir}/modprobe.d/50-blacklist.conf
+%config(noreplace) %{_sysconfdir}/modprobe.d/60-blacklist_fs-*.conf
 %endif
 %config(noreplace) %{_sysconfdir}/modprobe.d/99-local.conf
 %dir %{_sysconfdir}/depmod.d