Hi Tom, My apologies. It is a typo. There will be no 8.1.x releases. I meant versions 8.0.x.
Kind Regards, Alex On Thu, 18 Mar 2021 at 15:11, Tom Jordahl <[email protected]> wrote: > > HI Alex, > > You say below that the dojotoolkit will be updated in 8.0.5, but then you > mention upgrading to the “latest 8.1.x version”. > Was that a typo or do you expect an 8.1.0 release to be coming soon? > > I was planning on upgrading from 7.1.x to 8.x and wanted to make sure I > picked up this fix. > > BTW – any caveats to upgrading from 7 to 8 that anyone is aware of? I > reviewed the release notes and it doesn’t seem like any breaking changes were > made. > Thanks. > -- > Tom > > From: Oleksandr Rudyy <[email protected]> > Reply-To: "[email protected]" <[email protected]> > Date: Sunday, March 14, 2021 at 4:22 PM > To: "[email protected]" <[email protected]> > Subject: Re: Addressing CVE-2020-5258 in Qpid Broker-J > > Hi Rajashekar, > > Thanks for bringing this to our attention. > I committed a change upgrading dojotoolkit to version 1.16.3 on master > and 8.0.x branches. It will be available in version 8.0.5. > I am not planning to release a new 7.1.x version. We released 7.1.0 > around two years ago in January 2019. A life cycle of major/minor > versions is 2 years which includes building of maintenance releases > with fixes for security and critical issues. The users of 7.1.x > versions should upgrade their brokers to the latest 8.1.x version. > > Kind Regards, > Alex > > [1] https://issues.apache.org/jira/browse/QPID-8511 > > On Tue, 9 Mar 2021 at 18:54, rhudumula > <[email protected]<mailto:[email protected]>> > wrote: > > Hi Qpid team, > > CVE-2020-5258 is reported against dojo-toolkit and the fix is available in > these versions - 1.14.6 and 1.16.2. The latest Qpid Broker-J versions still > seem to be using older dojo-toolkit versions. > Any update on when the this will be addressed? Or is it safe to just pick > the latest dojo-toolkit version? > > Thanks, > Rajashekar > > > > -- > Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [email protected]<mailto:[email protected]> > For additional commands, e-mail: > [email protected]<mailto:[email protected]> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [email protected]<mailto:[email protected]> > For additional commands, e-mail: > [email protected]<mailto:[email protected]> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
