Control: tags -1 + moreinfo

On 2014-12-14 23:07, Matt Kraai wrote:
> Is it OK to upload rabbitmq-server/3.3.5-1.1 to testing-proposed-updates?
>
> 773134 reports that it is insecure because it trusts the X-Forwarded-For HTTP header. The following patches were applied upstream to fix this:
>
> * http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
> * http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
>
> rabbitmq-server/3.4.1-1 is already in unstable.

That new upstream version was uploaded at urgency=high the day before the freeze, with no explanation other than "new upstream release". Given that 3.4.0 had been out for a fortnight by that point, it looks very much like trying to game the freeze. :-(
rabbitmq-server maintainers, are there any other RC bugs that you're planning to file on the package?
Regards, Adam