[ome-devel] OMERO security release update

Sebastien Besson (Staff) s.besson at dundee.ac.uk
Mon Sep 11 10:20:52 BST 2017


Dear All,

We are postponing our upcoming OMERO 5.3.4 security release including the OMERO 5.2 workaround until Wednesday 13 September to allow time for further testing.

We will address a second security vulnerability later this month with the release of OMERO 5.4.0. This vulnerability will also be addressed in a security release of OMERO 5.3.
There will be no corresponding security releases for OMERO 5.2 as support for this series will be dropped. All sysadmins should schedule upgrading their servers to at least OMERO 5.3 before the end of September 2017.

Regards,
The OME team

On 7 Sep 2017, at 16:54, Sebastien Besson (Staff) <s.besson at dundee.ac.uk<mailto:s.besson at dundee.ac.uk>> wrote:

Hi David,

Thanks for raising the issue. Our plan has been to only release OMERO 5.3.4 and include the security fixes in the upcoming OMERO 5.4.0.

However, we understand that a portion of our community is still using OMERO 5.2 and might not be able to upgrade to OMERO 5.3 within such short notice. Instead of a full 5.2.9 release, we are currently investigating workarounds for the OMERO 5.2.x series that will be documented in the security advisories.

Nevertheless, upgrading to OMERO 5.3 will be very much suggested as following this update we will exclusively focus on the release of OMERO 5.4.0 due by the end of this month [1] which will drop all security support for OMERO 5.2.

Best regards,
Sébastien

[1] https://trello.com/b/SiqOu2Bl/omero-540

On 7 Sep 2017, at 12:12, Carnë Draug <carandraug+dev at GMAIL.COM<mailto:carandraug+dev at GMAIL.COM>> wrote:

On 6 September 2017 at 15:26, "Helen Flynn (Staff)" <h.flynn at dundee.ac.uk<mailto:h.flynn at dundee.ac.uk>>wrote:
Dear All,

On Monday 11th September we expect to release a security update for
OMERO servers.

This release will include two severe vulnerabilities and all
sysadmins should schedule upgrading their servers to the new 5.3.4
version as soon as possible.

Regards,

The OME Team

Hi

Is this security fix for the 5.3.x series only or is a bug that also
affects the 5.2.x series?  If the later, will there be a 5.2.9 release
with a backported fix?

Thank you
David
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel


The University of Dundee is a registered Scottish Charity, No: SC015096
_______________________________________________
ome-devel mailing list
ome-devel at lists.openmicroscopy.org.uk<mailto:ome-devel at lists.openmicroscopy.org.uk>
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel


The University of Dundee is a registered Scottish Charity, No: SC015096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-devel/attachments/20170911/b5424fb7/attachment.html>


More information about the ome-devel mailing list