Wednesday, July 1, 2026

[389-users] Re: 2.4.7 with CVE-2026-9064 ?

Hi,

We aren't making new upstream releases for 2.4.x since 2024, though fixes are backported so that downstreams can patch their packages.
Currently, there are 295 commits since 2.4.6: https://github.com/389ds/389-ds-base/compare/389-ds-base-2.4.6...389-ds-base-2.4
If you're maintaining your own package, cherry-picking the CVE fix from the 389-ds-base-2.4 branch is the recommended approach. The relevant commit should apply cleanly against 2.4.6.

If there's enough community interest in a 2.4.7 tag, we can discuss it, but the current policy is to keep the branch maintained without cutting new upstream releases.

Thanks.

On Tue, Jun 30, 2026 at 5:02 PM Dave Botsch via 389-users <389-users@lists.fedoraproject.org> wrote:
Was just browsing through... last 2.4.x release is 2.4.6 from what I see
tagged.

And there's Issue 7503, CVE-2026-9064 ...

does it make sense to tag a 2.4.7 that is 2.4.6 with that CVE cherry
picked?

thanks

--
********************************
David William Botsch
Programmer/Analyst
@CornellCNF
botsch@cnf.cornell.edu
********************************
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new


--
Viktor

-- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

No comments:

Post a Comment