On Tue, Jan 18, 2022, 01:44 Antoine G. <guacamole.to...@placi.de> wrote:
> On 12/01/2022 22:32, Nick Couchman - vn...@apache.org wrote: > > We do not plan to release patches for lower versions. Essentially, 1.4.0 > > is the patch. > > Thank you for your answer. > > Just to be sure I understand the CVE and the stack, do you confirm that > technically, upgrading only guacamole-client to 1.4.0 (and leaving guacd > in 1.3.0) is enough to patch the CVE? > Yes. - Mike
