Hi, On Wed, Jul 14, 2021 at 09:18:24PM +0200, Sebastiaan Couwenberg wrote: > Control: tags -1 pending > > On 7/14/21 9:00 PM, Salvatore Bonaccorso wrote: > > If you fix the vulnerabilities please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > 2.9.0 would ideally have been uploaded (to experimental) which contains > the fixes for these issues, but it requires a more recent version of > icingaweb2-module-ipl (#991117). Those module packages are maintained > outside the Nagios team which complicates issues. > > 2.8.3 will be uploaded instead.
Thanks! About the new upstream version, looks apart the two fixes there were other changes done, so given we are very short before the full freeze for bullseye it might be more suitable to just cherry-pick https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c and https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 ? Can you please double-check with the release team for a pre-approval of 2.8.3 otherwise? Regards, Salvatore
