Discussion:
[RCU] End of Life for 1.2?
Peter Thomassen
2018-04-11 20:55:17 UTC
Permalink
Hi,

Today, security update 1.3.6 was released, but there was no update for
the 1.2 line. In November, there was an update for 1.2 (and even 1.1).

Now, I am wondering whether 1.2 has reached its end of life, or whether
the security issue only affected 1.3.

How can I find out the support cycles for the various lines? I couldn't
manage to figure it out on the web site.

Thanks!

Best,
Peter
--
------------------------------------------
a4a GmbH
Scheffelstr. 14
97072 WÃŒrzburg
Germany

web: https://a4a.de
e-mail: ***@a4a.de
Mike Burger
2018-04-12 01:42:43 UTC
Permalink
Not to worry...1.2 will be covered.

About 11 minutes before you sent this email, an announcement email came
out about the fix for 1.3.6 and at the end, noted:

"We strongly recommend to update all productive installations of
Roundcube with this new version.
Updates for older LTS versions will follow soon."
Post by Peter Thomassen
Hi,
Today, security update 1.3.6 was released, but there was no update for
the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
Now, I am wondering whether 1.2 has reached its end of life, or whether
the security issue only affected 1.3.
How can I find out the support cycles for the various lines? I couldn't
manage to figure it out on the web site.
Thanks!
Best,
Peter
_______________________________________________
Roundcube Users mailing list
http://lists.roundcube.net/mailman/listinfo/users
--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever
just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
Thomas Bruederli
2018-04-12 20:45:21 UTC
Permalink
Hi Peter

As it was already pointed out, we promised updates to older versions
in our announcement message and we'll keep words.

Usually when somebody discovers a vulnerability like the recent one,
we're getting contacted with private messages and together with the
reporter we'd then coordinate the public communication once updates to
all supported versions are available and ready to roll out. This time,
however, the reporter chose to use public channels to inform about the
issue and even published an article on medium.com about his findings
before we were able to establish proper fixes for all supported
versions of Roundcube. Therefore we decided to push out an update for
1.3 as we always encourage people to run the latest stable version.
Updates for the 1.2 and even 1.2 series will follow soon.

As an immediate measure to protect your 1.2 installation, you can
disable the archive plugin until an update is available.

Kind regards,
Thomas
Post by Mike Burger
Not to worry...1.2 will be covered.
About 11 minutes before you sent this email, an announcement email came out
"We strongly recommend to update all productive installations of Roundcube
with this new version.
Updates for older LTS versions will follow soon."
Post by Peter Thomassen
Hi,
Today, security update 1.3.6 was released, but there was no update for
the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
Now, I am wondering whether 1.2 has reached its end of life, or whether
the security issue only affected 1.3.
How can I find out the support cycles for the various lines? I couldn't
manage to figure it out on the web site.
Thanks!
Best,
Peter
_______________________________________________
Roundcube Users mailing list
http://lists.roundcube.net/mailman/listinfo/users
--
Mike Burger
http://www.bubbanfriends.org
"It's always suicide-mission this, save-the-planet that. No one ever just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
_______________________________________________
Roundcube Users mailing list
http://lists.roundcube.net/mailman/listinfo/users
Loading...