[ome-devel] OMERO security release upcoming

[Sebastien Besson (Staff)]

Hi David,

Thanks for raising the issue. Our plan has been to only release OMERO 5.3.4 and include the security fixes in the upcoming OMERO 5.4.0.

However, we understand that a portion of our community is still using OMERO 5.2 and might not be able to upgrade to OMERO 5.3 within such short notice. Instead of a full 5.2.9 release, we are currently investigating workarounds for the OMERO 5.2.x series that will be documented in the security advisories.

Nevertheless, upgrading to OMERO 5.3 will be very much suggested as following this update we will exclusively focus on the release of OMERO 5.4.0 due by the end of this month [1] which will drop all security support for OMERO 5.2.

Best regards,
Sébastien

[1] https://trello.com/b/SiqOu2Bl/omero-540

On 7 Sep 2017, at 12:12, Carnë Draug <carandraug+dev at GMAIL.COM<mailto:carandraug+dev at GMAIL.COM>> wrote:

On 6 September 2017 at 15:26, "Helen Flynn (Staff)" <h.flynn at dundee.ac.uk<mailto:h.flynn at dundee.ac.uk>>wrote:
Dear All,

On Monday 11th September we expect to release a security update for
OMERO servers.

This release will include two severe vulnerabilities and all
sysadmins should schedule upgrading their servers to the new 5.3.4
version as soon as possible.

Regards,

The OME Team

Hi

Is this security fix for the 5.3.x series only or is a bug that also
affects the 5.2.x series?  If the later, will there be a 5.2.9 release
with a backported fix?

Thank you
David
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel


The University of Dundee is a registered Scottish Charity, No: SC015096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-devel/attachments/20170907/3585f4d5/attachment.html>