Hiya, On 06/11/19 11:47 am, Brian May wrote: > Utkarsh Gupta <guptautkarsh2102@gmail.com> writes: > >> I am not quite sure about what should we do here because the update (DLA >> 1956-1) doesn't quite fix the CVE completely and also brings some login >> problems as reported in #125. >> Because for now, #121 + #126 = actual CVE fix. But the login problem >> remains. > I guess we have three options: > > 1. Do nothing. > 2. Revert the #121 patch, because it could break. I haven't seen any > complaints however... Whilst that is true, I'd rather not want someone to face an "unexpected response" error. Though I hope no one is using that feature yet :) > 3. Apply the #126 patch too. Not 100% convinced this is a justified > change for LTS, but it "looks right". > 4. Wait longer for possible upstream solution to #125. > > Any opinions? I'd be a +1 on the 2nd and/or the 4th option. And a +0.5 on the 3rd. Best, Utkarsh
Attachment:
signature.asc
Description: OpenPGP digital signature