Re: [RCU] End of Life for 1.2?

2018-04-12 Thread Thomas Bruederli 
Hi Peter

As it was already pointed out, we promised updates to older versions
in our announcement message and we'll keep words.

Usually when somebody discovers a vulnerability like the recent one,
we're getting contacted with private messages and together with the
reporter we'd then coordinate the public communication once updates to
all supported versions are available and ready to roll out. This time,
however, the reporter chose to use public channels to inform about the
issue and even published an article on medium.com about his findings
before we were able to establish proper fixes for all supported
versions of Roundcube. Therefore we decided to push out an update for
1.3 as we always encourage people to run the latest stable version.
Updates for the 1.2 and even 1.2 series will follow soon.

As an immediate measure to protect your 1.2 installation, you can
disable the archive plugin until an update is available.

Kind regards,
Thomas



On Thu, Apr 12, 2018 at 3:42 AM, Mike Burger  wrote:
> Not to worry...1.2 will be covered.
>
> About 11 minutes before you sent this email, an announcement email came out
> about the fix for 1.3.6 and at the end, noted:
>
> "We strongly recommend to update all productive installations of Roundcube
> with this new version.
> Updates for older LTS versions will follow soon."
>
> On 2018-04-11 4:55 pm, Peter Thomassen wrote:
>>
>> Hi,
>>
>> Today, security update 1.3.6 was released, but there was no update for
>> the 1.2 line. In November, there was an update for 1.2 (and even 1.1).
>>
>> Now, I am wondering whether 1.2 has reached its end of life, or whether
>> the security issue only affected 1.3.
>>
>> How can I find out the support cycles for the various lines? I couldn't
>> manage to figure it out on the web site.
>>
>> Thanks!
>>
>> Best,
>> Peter
>>
>> ___
>> Roundcube Users mailing list
>> users@lists.roundcube.net
>> http://lists.roundcube.net/mailman/listinfo/users
>
>
> --
> Mike Burger
> http://www.bubbanfriends.org
>
> "It's always suicide-mission this, save-the-planet that. No one ever just
> stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
> ___
> Roundcube Users mailing list
> users@lists.roundcube.net
> http://lists.roundcube.net/mailman/listinfo/users
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] End of Life for 1.2?

2018-04-11 Thread Mike Burger 

Not to worry...1.2 will be covered.

About 11 minutes before you sent this email, an announcement email came 
out about the fix for 1.3.6 and at the end, noted:


"We strongly recommend to update all productive installations of 
Roundcube with this new version.

Updates for older LTS versions will follow soon."

On 2018-04-11 4:55 pm, Peter Thomassen wrote:

Hi,

Today, security update 1.3.6 was released, but there was no update for
the 1.2 line. In November, there was an update for 1.2 (and even 1.1).

Now, I am wondering whether 1.2 has reached its end of life, or whether
the security issue only affected 1.3.

How can I find out the support cycles for the various lines? I couldn't
manage to figure it out on the web site.

Thanks!

Best,
Peter

___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users


--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever 
just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1

___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] End of Life for 1.2?

2018-04-11 Thread Peter Thomassen 
Hi,

Today, security update 1.3.6 was released, but there was no update for
the 1.2 line. In November, there was an update for 1.2 (and even 1.1).

Now, I am wondering whether 1.2 has reached its end of life, or whether
the security issue only affected 1.3.

How can I find out the support cycles for the various lines? I couldn't
manage to figure it out on the web site.

Thanks!

Best,
Peter

-- 
--
a4a GmbH
Scheffelstr. 14
97072 Würzburg
Germany

web: https://a4a.de
e-mail: i...@a4a.de



signature.asc
Description: OpenPGP digital signature
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users