announcing the security fix release
This commit is contained in:
parent
dc6cb6aa5f
commit
561e4531e5
3 changed files with 49 additions and 0 deletions
|
@ -8,3 +8,5 @@ This fix was really a lot easier than the previous fixes for
|
|||
CVE-2018-10857.
|
||||
Unfortunately this did mean not letting URL and WORM keys be downloaded
|
||||
from many special remotes by default, which is going to be painful for some.
|
||||
|
||||
[[!meta date="June 20 2018 5:00 pm"]]
|
||||
|
|
15
doc/devblog/day_505__security_fix_release.mdwn
Normal file
15
doc/devblog/day_505__security_fix_release.mdwn
Normal file
|
@ -0,0 +1,15 @@
|
|||
Just released git-annex 6.20180626 with important security fixes!
|
||||
|
||||
Please go upgrade now, read the [[release_notes|news/security_fix_release]]
|
||||
for details about some necessary behavior changes,
|
||||
and if you're curious about the details of the security holes,
|
||||
see [[the advisory|security/CVE-2018-10857_and_CVE-2018-10859]].
|
||||
|
||||
I've been dealing with these security holes for the past week and a half,
|
||||
and decided to use a security embargo while fixes were being developed
|
||||
due to the complexity of addressing security holes that impact both
|
||||
git-annex and external special remote programs. For the full story
|
||||
see past 5 posts in this devblog, which are being published all together
|
||||
now that the embargo is lifted.
|
||||
|
||||
[[!meta date="Jun 26 2018 12:00 pm"]]
|
Loading…
Add table
Add a link
Reference in a new issue