Public bug reported:

I maintain an email service for multiple customers, and our clamd setup
uses a custom socket path via the LocalSocket directive, allowing it to
integrate with our amavisd deployment.

This morning, I woke up to thousands of support tickets because a
package upgrade (from ClamAV 0.103 to 1.4.3, a major leap) was pushed
via ubuntu-security. This upgrade broke virus scanning across all of our
MTAs as the socket was moved to a systemd socket, not configurable
through ClamAV configs anymore.

This feels like a serious regression. Security updates on LTS releases
are expected not to break working deployments, especially in production
environments.

Is there any discussion or justification available in the Ubuntu mailing
lists or bug tracker explaining why such a disruptive upgrade was pushed
through ubuntu-security on an LTS version?

** Affects: clamav (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115907

Title:
  Unexpected ClamAV Major Upgrade in LTS (jammy) via ubuntu-security

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2115907/+subscriptions

