Hi,
Today, security update 1.3.6 was released, but there was no update for the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
Now, I am wondering whether 1.2 has reached its end of life, or whether the security issue only affected 1.3.
How can I find out the support cycles for the various lines? I couldn't manage to figure it out on the web site.
Thanks!
Best, Peter
Not to worry...1.2 will be covered.
About 11 minutes before you sent this email, an announcement email came out about the fix for 1.3.6 and at the end, noted:
"We strongly recommend to update all productive installations of Roundcube with this new version. Updates for older LTS versions will follow soon."
On 2018-04-11 4:55 pm, Peter Thomassen wrote:
Hi,
Today, security update 1.3.6 was released, but there was no update for the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
Now, I am wondering whether 1.2 has reached its end of life, or whether the security issue only affected 1.3.
How can I find out the support cycles for the various lines? I couldn't manage to figure it out on the web site.
Thanks!
Best, Peter
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Hi Peter
As was already pointed out, we promised updates to older versions in our announcement message and we'll keep our word.
Usually, when somebody discovers a vulnerability like the recent one, we get contacted through private messages, and together with the reporter we then coordinate the public communication once updates to all supported versions are available and ready to roll out. This time, however, the reporter chose to use public channels to inform about the issue and even published an article on medium.com about his findings before we were able to establish proper fixes for all supported versions of Roundcube. Therefore we decided to push out an update for 1.3, as we always encourage people to run the latest stable version. Updates for the 1.2 and even 1.2 series will follow soon.
As an immediate measure to protect your 1.2 installation, you can disable the archive plugin until an update is available.
Kind regards, Thomas
On Thu, Apr 12, 2018 at 3:42 AM, Mike Burger mburger@bubbanfriends.org wrote:
-- Mike Burger http://www.bubbanfriends.org
"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1