My bad, didn’t realize that. I’ll send the advisory message to announce@, and update our security release guidelines to follow that in the future.
> On Oct 28, 2016, at 12:38 PM, Sally Khudairi <s...@apache.org> wrote: > > Thanks, John. > > However the Project wishes to announce is fine, however, the > annou...@apache.org channel is where projects commonly list CVE notices, > which is why I mentioned it. > > Examples are at [1], [2], and [3]. Do let me know should you reconsider. > > Kind regards, > Sally > > [1] http://mail-archives.apache.org/mod_mbox/www-announce/201607.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201607.mbox/browser> > [2] http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/browser> > [3] http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/browser> > --both pages 1 and 2 (=6 notices from Apache Tomcat) > > = = = = = > vox +1 617 921 8656 > gvox +1 646 598 4616 > skype sallykhudairi > > > From: John Kinsella <jlkin...@gmail.com> > To: "<marketing@cloudstack.apache.org>" <marketing@cloudstack.apache.org>; > Sally Khudairi <s...@apache.org> > Cc: Rohit Yadav <bhais...@apache.org> > Sent: Friday, October 28, 2016 2:13 PM > Subject: Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 > > Seems like it’d be better to use that channel for upcoming releases that have > new functionality, not “just” a security fix? > >> On Oct 28, 2016, at 11:09 AM, Sally Khudairi <s...@apache.org >> <mailto:s...@apache.org>> wrote: >> >> Thanks, Rohit. >> >> If you'd like to send this to annou...@apache.org >> <mailto:annou...@apache.org> (Foundation-wide announcements; will be >> included in the weekly Apache News Round-Up), I will be happy to moderate it >> through. >> >> Kind regards, >> Sally >> >> = = = = = >> vox +1 617 921 8656 >> gvox +1 646 598 4616 >> skype sallykhudairi >> >> >> From: Rohit Yadav <bhais...@apache.org <mailto:bhais...@apache.org>> >> To: annou...@cloudstack.apache.org <mailto:annou...@cloudstack.apache.org>; >> "d...@cloudstack.apache.org <mailto:d...@cloudstack.apache.org>" >> <d...@cloudstack.apache.org <mailto:d...@cloudstack.apache.org>>; >> "us...@cloudstack.apache.org <mailto:us...@cloudstack.apache.org>" >> <us...@cloudstack.apache.org <mailto:us...@cloudstack.apache.org>>; >> "marketing@cloudstack.apache.org <mailto:marketing@cloudstack.apache.org>" >> <marketing@cloudstack.apache.org <mailto:marketing@cloudstack.apache.org>> >> Sent: Thursday, October 27, 2016 12:07 AM >> Subject: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 >> >> # Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 >> >> The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 >> that fixes the bug causing vulnerability over previously released minor >> versions 4.8.1 and 4.9.0 respectively. As a security release, no new >> features are included but only includes the fix for CVE-2016-6813. >> >> Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) >> software platform that allows users to build feature-rich public and private >> cloud environments. CloudStack includes an intuitive user interface and rich >> API for managing the compute, networking, software, and storage resources. >> The project became an Apache top level project in March 2013. >> >> More information about Apache CloudStack can be found at: >> >> http://cloudstack.apache.org/ <http://cloudstack.apache.org/> >> >> ## Upgrade Notes >> >> Affected users are only required to upgrade their management server(s) to >> suitable security release version. The upgrade does not require any database >> or systemvm-template related change. >> >> ## Downloads >> >> The official source code release can be downloaded from: >> >> http://cloudstack.apache.org/ downloads.html >> <http://cloudstack.apache.org/downloads.html> >> >> In addition to the official source code release, individual contributors >> have also made convenience binaries available on the Apache CloudStack >> download page, and as follows: >> >> http://www.shapeblue.com/ packages/ <http://www.shapeblue.com/packages/> >> http://cloudstack.apt-get.eu/ ubuntu/dists/ >> <http://cloudstack.apt-get.eu/ubuntu/dists/> (packages to be published soon) >> http://cloudstack.apt-get.eu/ centos/6/ >> <http://cloudstack.apt-get.eu/centos/6/> (packages to be published soon) >> http://cloudstack.apt-get.eu/ centos/7/ >> <http://cloudstack.apt-get.eu/centos/7/> (packages to be published soon) >> >> ### >> >> Regards, >> Rohit Yadav >> >> > > >
