On Fri, Jan 12, 2018, at 2:51 AM, Binarus wrote:> On 11.01.2018 20:51, Asterisk Development Team wrote: > > The Asterisk Development Team would like to announce the release of > > Asterisk 13.19.0. > > This release is available for immediate download at > > http://downloads.asterisk.org/pub/telephony/asterisk > > > > The release of Asterisk 13.19.0 resolves several issues reported by the > > community and would have not been possible without your participation. > > > > *Thank you!* > > Thank you very much for caring so much about security and bug fixes! > > But in this case, I am slightly worried. I saw the announcements for > version 13 and version 15, but no announcement for version 14 yet. The > website currently still offers 14.7.5 for download. > > Could this be one of the rare cases where 13 and 15 needed security > fixes, but 14 didn't?These are normal bug fix releases, not security releases. As such 14 did not receive a release. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org
Thanks for taking the time, but ... On 12.01.2018 12:04, Joshua Colp wrote:>> Could this be one of the rare cases where 13 and 15 needed security >> fixes, but 14 didn't? > > These are normal bug fix releases, not security releases. As such 14 did not receive a release. >Interesting. The announcements for 13.19.0 and 15.2.0 you have made here both list all issues which have been fixed in the section "Bugs fixed in this release". However, ASTERISK-27480 ASTERISK-27452 ASTERISK-27337 ASTERISK-27319 seem to be security related (according to the short explanation texts in the announcements) and have been fixed both in 15.2.0 and 13.19.0. I am wondering why 14 does not suffer from them, or -if it suffers from them- why they are not considered security related there. I highly respect your work and don't want to steal your time since I have probably seriously misunderstood something, but could you please shortly explain what the string "Security: " (aka "(Security)" and with other wordings) at the beginning of the short explanation text for an issue exactly means? Thank you very much, Binarus
See https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions for information regarding the release cycle.?? It shows v14 went into security fix only mode on Sept 26 2017. On 01/12/2018 02:02 PM, Binarus wrote:> Thanks for taking the time, but ... > > On 12.01.2018 12:04, Joshua Colp wrote: > >>> Could this be one of the rare cases where 13 and 15 needed security >>> fixes, but 14 didn't? >> These are normal bug fix releases, not security releases. As such 14 did not receive a release. >> > Interesting. The announcements for 13.19.0 and 15.2.0 you have made here > both list all issues which have been fixed in the section "Bugs fixed in > this release". However, > > ASTERISK-27480 > ASTERISK-27452 > ASTERISK-27337 > ASTERISK-27319 > > seem to be security related (according to the short explanation texts in > the announcements) and have been fixed both in 15.2.0 and 13.19.0. > > I am wondering why 14 does not suffer from them, or -if it suffers from > them- why they are not considered security related there. > > I highly respect your work and don't want to steal your time since I > have probably seriously misunderstood something, but could you please > shortly explain what the string "Security: " (aka "(Security)" and with > other wordings) at the beginning of the short explanation text for an > issue exactly means? > > Thank you very much, > > Binarus >
On Fri, Jan 12, 2018, at 3:02 PM, Binarus wrote:> Thanks for taking the time, but ... > > On 12.01.2018 12:04, Joshua Colp wrote: > > >> Could this be one of the rare cases where 13 and 15 needed security > >> fixes, but 14 didn't? > > > > These are normal bug fix releases, not security releases. As such 14 did not receive a release. > > > > Interesting. The announcements for 13.19.0 and 15.2.0 you have made here > both list all issues which have been fixed in the section "Bugs fixed in > this release". However, > > ASTERISK-27480 > ASTERISK-27452 > ASTERISK-27337 > ASTERISK-27319 > > seem to be security related (according to the short explanation texts in > the announcements) and have been fixed both in 15.2.0 and 13.19.0. > > I am wondering why 14 does not suffer from them, or -if it suffers from > them- why they are not considered security related there. > > I highly respect your work and don't want to steal your time since I > have probably seriously misunderstood something, but could you please > shortly explain what the string "Security: " (aka "(Security)" and with > other wordings) at the beginning of the short explanation text for an > issue exactly means?If you check those specific issues on JIRA you can see the specific releases they went into. They were also done in 14 as part of the past security releases so they were still fixed there. The script just may not have been run with the proper arguments to generate things correctly. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org