My bad, didn’t realize that. I’ll send the advisory message to announce@, and update our security release guidelines to follow that in the future.
> On Oct 28, 2016, at 12:38 PM, Sally Khudairi <[email protected]> wrote: > > Thanks, John. > > However the Project wishes to announce is fine, however, the > [email protected] channel is where projects commonly list CVE notices, > which is why I mentioned it. > > Examples are at [1], [2], and [3]. Do let me know should you reconsider. > > Kind regards, > Sally > > [1] http://mail-archives.apache.org/mod_mbox/www-announce/201607.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201607.mbox/browser> > [2] http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/browser> > [3] http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/browser > <http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/browser> > --both pages 1 and 2 (=6 notices from Apache Tomcat) > > = = = = = > vox +1 617 921 8656 > gvox +1 646 598 4616 > skype sallykhudairi > > > From: John Kinsella <[email protected]> > To: "<[email protected]>" <[email protected]>; > Sally Khudairi <[email protected]> > Cc: Rohit Yadav <[email protected]> > Sent: Friday, October 28, 2016 2:13 PM > Subject: Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 > > Seems like it’d be better to use that channel for upcoming releases that have > new functionality, not “just” a security fix? > >> On Oct 28, 2016, at 11:09 AM, Sally Khudairi <[email protected] >> <mailto:[email protected]>> wrote: >> >> Thanks, Rohit. >> >> If you'd like to send this to [email protected] >> <mailto:[email protected]> (Foundation-wide announcements; will be >> included in the weekly Apache News Round-Up), I will be happy to moderate it >> through. >> >> Kind regards, >> Sally >> >> = = = = = >> vox +1 617 921 8656 >> gvox +1 646 598 4616 >> skype sallykhudairi >> >> >> From: Rohit Yadav <[email protected] <mailto:[email protected]>> >> To: [email protected] <mailto:[email protected]>; >> "[email protected] <mailto:[email protected]>" >> <[email protected] <mailto:[email protected]>>; >> "[email protected] <mailto:[email protected]>" >> <[email protected] <mailto:[email protected]>>; >> "[email protected] <mailto:[email protected]>" >> <[email protected] <mailto:[email protected]>> >> Sent: Thursday, October 27, 2016 12:07 AM >> Subject: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 >> >> # Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 >> >> The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 >> that fixes the bug causing vulnerability over previously released minor >> versions 4.8.1 and 4.9.0 respectively. As a security release, no new >> features are included but only includes the fix for CVE-2016-6813. >> >> Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) >> software platform that allows users to build feature-rich public and private >> cloud environments. CloudStack includes an intuitive user interface and rich >> API for managing the compute, networking, software, and storage resources. >> The project became an Apache top level project in March 2013. >> >> More information about Apache CloudStack can be found at: >> >> http://cloudstack.apache.org/ <http://cloudstack.apache.org/> >> >> ## Upgrade Notes >> >> Affected users are only required to upgrade their management server(s) to >> suitable security release version. The upgrade does not require any database >> or systemvm-template related change. >> >> ## Downloads >> >> The official source code release can be downloaded from: >> >> http://cloudstack.apache.org/ downloads.html >> <http://cloudstack.apache.org/downloads.html> >> >> In addition to the official source code release, individual contributors >> have also made convenience binaries available on the Apache CloudStack >> download page, and as follows: >> >> http://www.shapeblue.com/ packages/ <http://www.shapeblue.com/packages/> >> http://cloudstack.apt-get.eu/ ubuntu/dists/ >> <http://cloudstack.apt-get.eu/ubuntu/dists/> (packages to be published soon) >> http://cloudstack.apt-get.eu/ centos/6/ >> <http://cloudstack.apt-get.eu/centos/6/> (packages to be published soon) >> http://cloudstack.apt-get.eu/ centos/7/ >> <http://cloudstack.apt-get.eu/centos/7/> (packages to be published soon) >> >> ### >> >> Regards, >> Rohit Yadav >> >> > > >
