Re: Question about modsecurity-crs package upgrade
Hi Paul, and others,
On Mon, Sep 12, 2022 at 10:21:12PM +0200, Paul Gevers wrote:
> Hi,
>
> On 02-09-2022 14:35, Ervin Hegedüs wrote:
> > *We need to know if we could add this patch to the existing packages
> > (3.3 in both Debian 10 and Debian 11) without CVE or not.*
>
> Well, Debian 10 got it's last official point release last Saturday, so we're
> not considering that anymore. For the current stable (Debian 11), we don't
> need CVE's for updates, just a good justification of all the changes
> (assuming the justifications are in line with our stable release policy).
thank you for your answer. I think this is a good news.
> > If you have any idea, what is the easiest way to add these features to
> > the existing Debian releases, please let me know.
>
> Link [1] already has the procedure lined out. I'm not a stable release
> manager, but new features are normally not acceptable, so if you believe
> they fix important (or more, see [2] for definition of severity) issues, be
> verbose in explaining the issue their fixing and how they fix it.
thank you for the explanation.
We are going to prepare the new packages.
a.
Reply to: