Hi,
We aren't making new upstream releases for 2.4.x since 2024, though fixes are backported so that downstreams can patch their packages.
Currently, there are 295 commits since 2.4.6: https://github.com/389ds/389-ds-base/compare/389-ds-base-2.4.6...389-ds-base-2.4
Currently, there are 295 commits since 2.4.6: https://github.com/389ds/389-ds-base/compare/389-ds-base-2.4.6...389-ds-base-2.4
If you're maintaining your own package, cherry-picking the CVE fix from the 389-ds-base-2.4 branch is the recommended approach. The relevant commit should apply cleanly against 2.4.6.
If there's enough community interest in a 2.4.7 tag, we can discuss it, but the current policy is to keep the branch maintained without cutting new upstream releases.
Thanks.
On Tue, Jun 30, 2026 at 5:02 PM Dave Botsch via 389-users <389-users@lists.fedoraproject.org> wrote:
Was just browsing through... last 2.4.x release is 2.4.6 from what I see
tagged.
And there's Issue 7503, CVE-2026-9064 ...
does it make sense to tag a 2.4.7 that is 2.4.6 with that CVE cherry
picked?
thanks
--
********************************
David William Botsch
Programmer/Analyst
@CornellCNF
botsch@cnf.cornell.edu
********************************
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Viktor
-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
No comments:
Post a Comment