Dear Security Team, the fixed version is now in bullseye. Thanks for that. What is the plan for buster and stretch? Do you prepare fixes? Greetings Christoph Am 06.08.21 um 11:46 schrieb Christoph Martin: > Hi Paul, > hi Salvatore, > > Am 06.08.21 um 09:32 schrieb Salvatore Bonaccorso: >>> >>> It's *very* late in the freeze so I need an answer *real soon*. You >>> didn't tell us how you tested the package, how upstream tested the >>> changes and how you *judge* the changes between bullseye and sid. I >>> can't estimate the risk by myself. >> >> From security team perspective, we could tend to confirm to be good >> option to actually go to 2.4.9 based version, if Christoph can confirm >> the above questions on testing. Was it tested in production >> environment as well? >> > > I have tested it in a production environment. > The package installs correctly on a bullseye system. > Upgrade of the package also works. > Login via our idp ist working as expected. > All expected env variables in phpinfo have the expected values. > > Regards > > Christoph >
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature