[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Roundcube Webmail 1.4.5

On 2020-06-03 13:00, Guilhem Moulin wrote:
Wow.  That conclusion seems premature, 1.4.5 was released last night
(and not announced to <announce@lists.roundcube.net> for some reason)
and not even uploaded to sid yet.  The vulnerabilities aren't serious
enough not to wait for the package to transition to testing (with
priority=high).  Like for 1.4.4.

To illuminate the timeline a little:

I am subscribed to the project in Github, so I got a mail about bug 7406 [1]
which had no details at the time other than it was security
(It looks like the bug description has been edited after the 1.4.5 release).

The github project owner replied quite promptly to say that the bugs where fixed and a new release would be out "in a few days", so I expected this 1.4.5 release

I would have expected the Debian package maintainer to also be subscribed to the
project upstream on github, and to have been anticipating this release.

In addition, When the latest release was made it was accidentally tagged as 1.4.4 on github which did confuse things for a day or so until the issue was corrected.

[1] https://github.com/roundcube/roundcubemail/issues/7406

David Pottage

Reply to: