cloudstack-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Burwell <john.burw...@shapeblue.com>
Subject Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1
Date Mon, 31 Oct 2016 05:42:35 GMT
Sally,

I completely agree with you.  It demonstrates that we prioritize security issues and that
project is actively maintained.  I see no downside to broadcasting this announcement far and
wide.

Thanks,
-Johm


john.burwell@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
@shapeblue
  
 

On Oct 29, 2016, at 11:01 AM, Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
wrote:

Thanks, Rohit.

To play devil's advocate in terms of communication --from the ASF perspective, we'd rather
see over-sharing than not, in alignment with our culture of transparency.

We have nothing to hide. Vulnerabilities occur in virtually all software. Better to state
what we know rather than give nay-sayers/haters a reason to poke us in the eye.

Cheers,
Sally

= = = = =
vox +1 617 921 8656
gvox +1 646 598 4616
skype sallykhudairi


________________________________
From: Rohit Yadav <bhaisaab@apache.org<mailto:bhaisaab@apache.org>>
To: Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
Cc: "marketing@cloudstack.apache.org<mailto:marketing@cloudstack.apache.org>" <marketing@cloudstack.apache.org<mailto:marketing@cloudstack.apache.org>>
Sent: Saturday, October 29, 2016 6:06 AM
Subject: Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

Thanks Sally and John. Since the disclosure has been announced, explicit release announcement
may not be necessary on announce@.

We'll make sure to send announcements on annouce@ in future.

Regards.

On Sat, Oct 29, 2016 at 1:30 AM, Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
wrote:
Thank you, John.

I just moderated the message through. This should appear in the apache.org<http://apache.org/>
archives within the next hour.

Kind regards,
Sally

= = = = =
vox +1 617 921 8656
gvox +1 646 598 4616
skype sallykhudairi


________________________________
From: John Kinsella <jlkinsel@gmail.com<mailto:jlkinsel@gmail.com>>
To: Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
Cc: "<marketing@cloudstack.apache. org<mailto:marketing@cloudstack.apache.org>>"
<marketing@cloudstack.apache. org<mailto:marketing@cloudstack.apache.org>>; Rohit
Yadav <bhaisaab@apache.org<mailto:bhaisaab@apache.org>>
Sent: Friday, October 28, 2016 3:44 PM

Subject: Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

My bad, didn’t realize that. I’ll send the advisory message to announce@, and update our
security release guidelines to follow that in the future.


On Oct 28, 2016, at 12:38 PM, Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
wrote:

Thanks, John.

However the Project wishes to announce is fine, however, the announce@apache.org<mailto:announce@apache.org>
channel is where projects commonly list CVE notices, which is why I mentioned it.

Examples are at [1], [2], and [3]. Do let me know should you reconsider.

Kind regards,
Sally

[1] http://mail-archives. apache.org/mod_mbox/www- announce/201607.mbox/browser<http://mail-archives.apache.org/mod_mbox/www-announce/201607.mbox/browser>
[2] http://mail-archives.apache. org/mod_mbox/www-announce/ 201606.mbox/browser<http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/browser>
[3] http://mail-archives. apache.org/mod_mbox/www- announce/201610.mbox/browser<http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/browser>
- -both pages 1 and 2 (=6 notices from Apache Tomcat)

= = = = =
vox +1 617 921 8656
gvox +1 646 598 4616
skype sallykhudairi


________________________________
From: John Kinsella <jlkinsel@gmail.com<mailto:jlkinsel@gmail.com>>
To: "<marketing@cloudstack.apache. org<mailto:marketing@cloudstack.apache.org>>"
<marketing@cloudstack.apache. org<mailto:marketing@cloudstack.apache.org>>; Sally
Khudairi <sk@apache.org<mailto:sk@apache.org>>
Cc: Rohit Yadav <bhaisaab@apache.org<mailto:bhaisaab@apache.org>>
Sent: Friday, October 28, 2016 2:13 PM
Subject: Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

Seems like it’d be better to use that channel for upcoming releases that have new functionality,
not “just” a security fix?

On Oct 28, 2016, at 11:09 AM, Sally Khudairi <sk@apache.org<mailto:sk@apache.org>>
wrote:

Thanks, Rohit.

If you'd like to send this to announce@apache.org<mailto:announce@apache.org> (Foundation-wide
announcements; will be included in the weekly Apache News Round-Up), I will be happy to moderate
it through.

Kind regards,
Sally

= = = = =
vox +1 617 921 8656
gvox +1 646 598 4616
skype sallykhudairi


________________________________
From: Rohit Yadav <bhaisaab@apache.org<mailto:bhaisaab@apache.org>>
To: announce@cloudstack.apache.org<mailto:announce@cloudstack.apache.org> ; "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>"
<dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>>; "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>"
<users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>>; "marketing@cloudstack.apache.
org<mailto:marketing@cloudstack.apache.org>" <marketing@cloudstack.apache. org<mailto:marketing@cloudstack.apache.org>>
Sent: Thursday, October 27, 2016 12:07 AM
Subject: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

# Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 that fixes the
bug causing vulnerability over previously released minor versions 4.8.1 and 4.9.0 respectively.
As a security release, no new features are included but only includes the fix for CVE-2016-6813.

Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that
allows users to build feature-rich public and private cloud environments. CloudStack includes
an intuitive user interface and rich API for managing the compute, networking, software, and
storage resources. The project became an Apache top level project in March 2013.

More information about Apache CloudStack can be found at:

http://cloudstack.apache.org/

## Upgrade Notes

Affected users are only required to upgrade their management server(s) to suitable security
release version. The upgrade does not require any database or systemvm-template related change.

## Downloads

The official source code release can be downloaded from:

http://cloudstack.apache.org/ downloads.html<http://cloudstack.apache.org/downloads.html>

In addition to the official source code release, individual contributors have also made convenience
binaries available on the Apache CloudStack download page, and as follows:

http://www.shapeblue.com/ packages/<http://www.shapeblue.com/packages/>
http://cloudstack.apt-get.eu/ ubuntu/dists/<http://cloudstack.apt-get.eu/ubuntu/dists/>
(packages to be published soon)
http://cloudstack.apt-get.eu/ centos/6/<http://cloudstack.apt-get.eu/centos/6/> (packages
to be published soon)
http://cloudstack.apt-get.eu/ centos/7/<http://cloudstack.apt-get.eu/centos/7/> (packages
to be published soon)

###

Regards,
Rohit Yadav












Mime
View raw message