cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Collen <>
Subject Re: Release 2.1.3? (Was: Re: [FYI] Apache Cocoon Directory Traversal Vulnerability)
Date Fri, 24 Oct 2003 19:09:40 GMT
Geoff Howard wrote:
> Tony Collen wrote:
>> Joerg Heinicke wrote:
>>> Hey, someone wanted to test the Cocoon community :-)
>>> Joerg
>> Hm, I think we should consider releasing 2.1.3 as a security update.
> +1  I thought Carsten had already proposed a date because of the
> Gettogether improvements?

In this case, do we have any procedure for fixing something "bad" like the directory traveral
and getting a fix out to users in a timely fashion?

One possible solution:  Fix the problem in CVS HEAD, and then backport it to the last released

version (in this case 2.1.2), and make a small security update release -- maybe as 2.1.3 or
or something.

Even though the problem isn't that bad since it's in a sample, something may come down the
later where we have to fix something of a more serious nature, and get a new version out.
for a freeze/release cycle might be too long if the problem is urgent enough.



View raw message