Dear R Foundation Team, I hope this message finds you well. I am reaching out to seek your guidance on addressing the security vulnerability CVE-2024-27322. As I understand, a security fix for this vulnerability has been available starting from v4.4.0. This issue affects all versions from 1.4.0 to 4.3.3.
During our testing phase, we encountered a challenge while attempting to upgrade to the secure version. Our devices were running version 4.3.3 and below, and we tried to install version 4.4.0, hoping the installer would detect the older version and perform an in-place upgrade. However, we observed that the new version was installed alongside the older version rather than replacing it. Consequently, this approach did not mitigate the security vulnerability. To address this issue effectively, it appears that we need to first uninstall the existing older version before installing the latest version. This process should ensure that the security vulnerability is adequately resolved. Could you please confirm if this is the recommended approach for handling this specific security issue? Additionally, if there are any alternative methods or best practices you could suggest for performing this upgrade seamlessly, we would greatly appreciate your insights. Thank you for your support and assistance in this matter. Thanks & Regards, Aishwarya Priyadarshini TMX Software Delivery, Virtualization & Telemetry Dell Digital | Team Member eXperience aishwarya_pr...@dell.com<mailto:aishwarya_pr...@dell.com> Internal Use - Confidential [[alternative HTML version deleted]] ______________________________________________ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
