First, thank you all for the hard work you do on BIND. What is the proper mapping of "Current Stable, ESV", "Development", and "New Stable" BIND versions to their respective COPR repos? I feel like it should be obvious, but I am missing something.
I think I expected 9.18.28 to appear in isc/bind-esv with this release (which it does) and for 9.20.0 to appear in isc/bind (which it doesn't, as far as I can tell anyway). 9.18.28 does appear in isc/bind as well as in isc/bind-esv, which seems reasonable (though the "07776636-isc-bind-bind" directory is hidden in isc/bind, it is accessible and referenced in the respective repo xml files). I recognize that a direct upgrade from 9.18 to 9.20 for those on the isc/bind repo might be a bit surprising at this point, despite the very clear messaging about how the versioning is meant to work, but at the same time, I wouldn't expect we want people using the isc/bind-dev repo to get 9.20.0 for production use either. I don't recall how this transition was handled for 9.16->9.18, but if I recall it seemed like it just magically worked for us. But back then we weren't as aggressive about updating as we are now. I probably just missed some explanation somewhere about how the transition is meant to be handled, but my searches aren't returning anything specific to this situation. Speaking of which, is there an equivalent to the https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918 article for 9.18->9.20? We have already upgraded most of our systems to 9.18.28, but want to move to 9.20.0 soon, but aren't certain the right way forward. Thanks again for this release. I know refactoring code is extremely challenging and doesn't get the praise it deserves. On Tue, Jul 23, 2024 at 7:30 AM Victoria Risk <vi...@isc.org> wrote: > BIND users- > > Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 > stable branch, are available and can be downloaded from the ISC software > download page, https://www.isc.org/download. > > In addition to bug fixes and feature improvements, these releases also > contain fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, > CVE-2024-1975, CVE-2024-4076), about which more information is provided in > the following Security Advisories: > > https://kb.isc.org/docs/cve-2024-0760 > https://kb.isc.org/docs/cve-2024-1737 > https://kb.isc.org/docs/cve-2024-1975 > https://kb.isc.org/docs/cve-2024-4076 > > A summary of significant changes in the new releases can be found in their > release notes: > > - Current supported stable branches: > > 9.18.28 - > https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html > 9.20.0 - > https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html > > We also have a nice blog post from Ondřej Surý on the 9.20.0 release, > including performance testing results ( > https://www.isc.org/blogs/2024-bind920/). > > --- > Please Note: > > To create an effective mitigation for CVE-2024-1737 we have introduced two > new configurable limits that prevent the loading (into zones or into cache) > of DNS resource records (RRs) that exceed them. We therefore recommend > reading this KB article, > > https://kb.isc.org/docs/rrset-limits-in-zones, in case you need to change > the defaults to suit your specific operational environment. > > > We recommend that users planning to upgrade from the EOL 9.16 branch read > the following document first: > > > https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918 > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
