Thanks Sally and John. Since the disclosure has been announced, explicit release announcement may not be necessary on announce@.
We'll make sure to send announcements on annouce@ in future. Regards. On Sat, Oct 29, 2016 at 1:30 AM, Sally Khudairi <s...@apache.org> wrote: > Thank you, John. > > I just moderated the message through. This should appear in the apache.org > archives within the next hour. > > Kind regards, > Sally > > = = = = = > vox +1 617 921 8656 > gvox +1 646 598 4616 > skype sallykhudairi > > > ------------------------------ > *From:* John Kinsella <jlkin...@gmail.com> > *To:* Sally Khudairi <s...@apache.org> > *Cc:* "<marketing@cloudstack.apache.org>" <marketing@cloudstack.apache.org>; > Rohit Yadav <bhais...@apache.org> > *Sent:* Friday, October 28, 2016 3:44 PM > > *Subject:* Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, > 4.9.0.1 > > My bad, didn’t realize that. I’ll send the advisory message to announce@, > and update our security release guidelines to follow that in the future. > > > On Oct 28, 2016, at 12:38 PM, Sally Khudairi <s...@apache.org> wrote: > > Thanks, John. > > However the Project wishes to announce is fine, however, the > annou...@apache.org channel is where projects commonly list CVE notices, > which is why I mentioned it. > > Examples are at [1], [2], and [3]. Do let me know should you reconsider. > > Kind regards, > Sally > > [1] http://mail-archives.apache.org/mod_mbox/www- > announce/201607.mbox/browser > [2] http://mail-archives.apache.org/mod_mbox/www-announce/ > 201606.mbox/browser > [3] http://mail-archives.apache.org/mod_mbox/www- > announce/201610.mbox/browser --both pages 1 and 2 (=6 notices from Apache > Tomcat) > > = = = = = > vox +1 617 921 8656 > gvox +1 646 598 4616 > skype sallykhudairi > > > ------------------------------ > *From:* John Kinsella <jlkin...@gmail.com> > *To:* "<marketing@cloudstack.apache.org>" <marketing@cloudstack.apache.org>; > Sally Khudairi <s...@apache.org> > *Cc:* Rohit Yadav <bhais...@apache.org> > *Sent:* Friday, October 28, 2016 2:13 PM > *Subject:* Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, > 4.9.0.1 > > Seems like it’d be better to use that channel for upcoming releases that > have new functionality, not “just” a security fix? > > On Oct 28, 2016, at 11:09 AM, Sally Khudairi <s...@apache.org> wrote: > > Thanks, Rohit. > > If you'd like to send this to annou...@apache.org (Foundation-wide > announcements; will be included in the weekly Apache News Round-Up), I will > be happy to moderate it through. > > Kind regards, > Sally > > = = = = = > vox +1 617 921 8656 > gvox +1 646 598 4616 > skype sallykhudairi > > > ------------------------------ > *From:* Rohit Yadav <bhais...@apache.org> > *To:* annou...@cloudstack.apache.org; "d...@cloudstack.apache.org" < > d...@cloudstack.apache.org>; "us...@cloudstack.apache.org" < > us...@cloudstack.apache.org>; "marketing@cloudstack.apache.org" < > marketing@cloudstack.apache.org> > *Sent:* Thursday, October 27, 2016 12:07 AM > *Subject:* [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 > > # Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 > > The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 > that fixes the bug causing vulnerability over previously released minor > versions 4.8.1 and 4.9.0 respectively. As a security release, no new > features are included but only includes the fix for CVE-2016-6813. > > Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) > software platform that allows users to build feature-rich public and > private cloud environments. CloudStack includes an intuitive user interface > and rich API for managing the compute, networking, software, and storage > resources. The project became an Apache top level project in March 2013. > > More information about Apache CloudStack can be found at: > > http://cloudstack.apache.org/ > > ## Upgrade Notes > > Affected users are only required to upgrade their management server(s) to > suitable security release version. The upgrade does not require any > database or systemvm-template related change. > > ## Downloads > > The official source code release can be downloaded from: > > http://cloudstack.apache.org/ downloads.html > <http://cloudstack.apache.org/downloads.html> > > In addition to the official source code release, individual contributors > have also made convenience binaries available on the Apache CloudStack > download page, and as follows: > > http://www.shapeblue.com/ packages/ <http://www.shapeblue.com/packages/> > http://cloudstack.apt-get.eu/ ubuntu/dists/ > <http://cloudstack.apt-get.eu/ubuntu/dists/> (packages to be published > soon) > http://cloudstack.apt-get.eu/ centos/6/ > <http://cloudstack.apt-get.eu/centos/6/> (packages to be published soon) > http://cloudstack.apt-get.eu/ centos/7/ > <http://cloudstack.apt-get.eu/centos/7/> (packages to be published soon) > > ### > > Regards, > Rohit Yadav > > > > > > > > >
