https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #16 from Jeff Green ---
Upgrade process notes:
disable iodine https/smtpd monitoring
disable db48 mysql monitoring
root@iodine:/usr/local/src# wget
http://ftp.gwdg.de/pub/misc/otrs/otrs-3.2.14.tar.bz2
root@iodine:/opt# tar xjf /us
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
Jeff Green changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
Resolution|---
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #15 from Kunal Mehta (Legoktm) ---
The upgrade to 3.2.14 is scheduled for Wednesday Feb 12th, at 5AM UTC according
to the deployment schedule.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
Ryan (Rjd0060) changed:
What|Removed |Added
Blocks||61101
--
You are receiving this mail
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #14 from Ryan (Rjd0060) ---
Just let us know so we can notify our users ASAP when this outage will occur.
Thanks, Jeff.
--
You are receiving this mail because:
You are on the CC list for the bug.
__
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #13 from Jeff Green ---
I set up a test db+webserver instance on db78 and went through the reinstall
process with 3.2.14. The OTRS packages needed reinstall as expected, and
everything appeared to go smoothly.
When we do the upgrad
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #12 from Jeff Green ---
I applied the fixed files per Martin's suggested workaround, so we should be in
reasonably good shape security wise.
I still intend to upgrade us to 3.2.14 which is the latest 3.2.x release once
I'm more con
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #11 from Jeff Green ---
I can work on this. Let's go for the latest 3.2 release. I will review the
release/upgrade information today.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #10 from Martin Edenhofer ---
Sorry, this are the correct urls (in english):
http://znuny.com/en/#!/advisory/ZSA-2014-01
http://znuny.com/en/#!/advisory/ZSA-2014-02
--
You are receiving this mail because:
You are on the CC li
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #9 from Martin Edenhofer ---
Znuny (znuny.com) can assist. We have two options.
1) Just update fixed files, see also
http://znuny.com/de/#!/advisory/ZSA-2014-01
http://znuny.com/de/#!/advisory/ZSA-2014-02
2) Upgrade to lates
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #8 from Chris Steipp ---
And this was released yesterday,
https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
So we need to update to 3.2.14. I can't tell how critical the vulnerable
features are, so
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
--- Comment #7 from Jeff Green ---
I'm changing the bug topic to 3.2.x--IMO we should keep the minor/security
releases separate from the major version upgrade. The upgrade and tracking of
latest 3.2.x is a no-brainer, somthing I've been intendi
https://bugzilla.wikimedia.org/show_bug.cgi?id=60271
Jeff Green changed:
What|Removed |Added
Summary|Upgrade OTRS to the latest |Upgrade OTRS to the latest
13 matches
Mail list logo
