<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Dear

 All,</span><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class=""><br class="kix-line-break">

<br class="kix-line-break">

</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">We

 are postponing our upcoming OMERO 5.3.4 security release including the OMERO 5.2 workaround until Wednesday 13 September to allow time for further testing.

</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">We

 will address a second security vulnerability later this month with the release of OMERO 5.4.0. This vulnerability will also be addressed in a security release of OMERO 5.3.</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">There

 will be no corresponding security releases for OMERO 5.2 as support for this series will be dropped. All sysadmins should schedule upgrading their servers to at least OMERO 5.3 before the end of September 2017.</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class=""><br class="kix-line-break">

</span><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Regards,</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">The

 OME team</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class=""><br class="">

</span></div>

<div>

<blockquote type="cite" class="">

<div class="">On 7 Sep 2017, at 16:54, Sebastien Besson (Staff) <<a href="mailto:s.besson@dundee.ac.uk" class="">s.besson@dundee.ac.uk</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class="">

<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Hi

 David,</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Thanks

 for raising the issue. Our plan has been to only release OMERO 5.3.4 and include the security fixes in the upcoming OMERO 5.4.0.</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">However,

 we understand that a portion of our community is still using OMERO 5.2 and might not be able to upgrade to OMERO 5.3 within such short notice. Instead of a full 5.2.9 release, we are currently investigating workarounds for the OMERO 5.2.x series that will

 be documented in the security advisories.</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Nevertheless,

 upgrading to OMERO 5.3 will be very much suggested as following this update we will exclusively focus on the release of OMERO 5.4.0 due by the end of this month </span><span style="font-family: Arial; font-size: 14.666666984558105px;" class="">[1]</span><span style="font-family: Arial; font-size: 14.666666984558105px;" class=""> </span><span style="font-family: Arial; font-size: 11pt;" class="">which

 will drop all security support for OMERO 5.2.</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Best

 regards,</span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">Sébastien</span></div>

<br class="">

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class="">[1]

<a href="https://trello.com/b/SiqOu2Bl/omero-540" class="">https://trello.com/b/SiqOu2Bl/omero-540</a></span></div>

<div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline;" class=""><br class="">

</span></div>

<div class="">

<blockquote type="cite" class="">

<div class="">On 7 Sep 2017, at 12:12, Carnë Draug <<a href="mailto:carandraug+dev@GMAIL.COM" class="">carandraug+dev@GMAIL.COM</a>> wrote:</div>

<br class="Apple-interchange-newline">

<div class="">

<div class="">On 6 September 2017 at 15:26, "Helen Flynn (Staff)" <<a href="mailto:h.flynn@dundee.ac.uk" class="">h.flynn@dundee.ac.uk</a>>wrote:<br class="">

<blockquote type="cite" class="">Dear All,<br class="">

<br class="">

On Monday 11th September we expect to release a security update for<br class="">

OMERO servers.<br class="">

<br class="">

This release will include two severe vulnerabilities and all<br class="">

sysadmins should schedule upgrading their servers to the new 5.3.4<br class="">

version as soon as possible.<br class="">

<br class="">

Regards,<br class="">

<br class="">

The OME Team<br class="">

</blockquote>

<br class="">

Hi<br class="">

<br class="">

Is this security fix for the 5.3.x series only or is a bug that also<br class="">

affects the 5.2.x series?  If the later, will there be a 5.2.9 release<br class="">

with a backported fix?<br class="">

<br class="">

Thank you<br class="">

David<br class="">

_______________________________________________<br class="">

ome-devel mailing list<br class="">

<a href="mailto:ome-devel@lists.openmicroscopy.org.uk" class="">ome-devel@lists.openmicroscopy.org.uk</a><br class="">

<a href="http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel" class="">http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel</a><br class="">

</div>

</div>

</blockquote>

</div>

<br class="">

<br class="">

<span style="font-size:10pt;" class="">The University of Dundee is a registered Scottish Charity, No: SC015096</span>

</div>

_______________________________________________<br class="">

ome-devel mailing list<br class="">

<a href="mailto:ome-devel@lists.openmicroscopy.org.uk" class="">ome-devel@lists.openmicroscopy.org.uk</a><br class="">

http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel<br class="">

</div>

</blockquote>

</div>

<br class="">

<br>

<span style="font-size:10pt;">The University of Dundee is a registered Scottish Charity, No: SC015096</span>

</body>

</html>