On Wed, Jan 12, 2022 at 4:28 PM guacatoine <guacamole.to...@placi.de> wrote:
> > Hello, > > Le 11/01/2022 à 22:21, Mike Jumper - mjum...@apache.org a écrit : > > Severity: moderate > > When running Apache Guacamole 1.3.0, is the only way of addressing > CVE-2021-41767 to update to v1.4.0 or is there a security patch incoming > for one (or more lower) version(s) of Guacamole? > > We do not plan to release patches for lower versions. Essentially, 1.4.0 is the patch. If you really need to maintain a lower version, you could try to back-port the patch(es) that specifically address the issue to that version, but that's a lot of manual work versus just upgrading to the latest version. -Nick