Geoff Howard wrote:
Tony Collen wrote:

Joerg Heinicke wrote:

http://www.securiteam.com/securitynews/6W00L0U8KC.html

Hey, someone wanted to test the Cocoon community :-)

Joerg


Hm, I think we should consider releasing 2.1.3 as a security update.


+1  I thought Carsten had already proposed a date because of the
Gettogether improvements?

In this case, do we have any procedure for fixing something "bad" like the directory traversal bug, and getting a fix out to users in a timely fashion?


One possible solution: Fix the problem in CVS HEAD, and then backport it to the last released version (in this case 2.1.2), and make a small security update release -- maybe as 2.1.3 or 2.1.2pl1 or something.

Even though the problem isn't that bad since it's in a sample, something may come down the road later where we have to fix something of a more serious nature, and get a new version out. Waiting for a freeze/release cycle might be too long if the problem is urgent enough.

Thoughts?

Tony


