...
| Info |
|---|
If you would like to report an issue you believe is security related, please open a new JIRA Issue. Be sure to set the following attributes:
Alternately, you may notify comanage@sphericalcowgroup.com. Do not email the users or developers lists report issues via the mailing lists or Slack channels, as those are considered public. |
In general, you should always upgrade to the latest version of COmanage as soon as practical, upgrading a QA or test server first. The further behind you fall, the harder it will probably be to upgrade if a highly critical security advisory is released.
Security Advisories
| Advisory | Affected Releases | Severity | Exposure |
|---|---|---|---|
| 2015-12-09 | 0.9.4 and earlier | Unknown | Unknown |
| 2017-01-30 | 0.9.1 through 1.0.5 | High or Very High | Low |
| 2018-05-30 | 0.9.4 through 3.1.0 | Very High | Low or Medium |
| 2020-05-29 | 3.2.4 and earlier | Unknown | Low |
| 2020-10-29 * | 3.2.0 through 3.3.0 | Medium | Low |
| 2021-05-24a | 3.3.0 through 3.3.2 | Medium | Low |
| 2021-05-24b * | 0.5 through 3.3.2 | Very High | Varies |
| 2021-12-07 | 3.3.0 through 4.0.0 | Medium | Low |
| 2022-02-24 | 3.3.0 through 4.0.1 | Medium | Low |
| 2023-10-03a | 0.8 through 4.2.1 | Medium | Low or Medium |
| 2023-10-03b | 3.1.0 through 4.2.1 | Very High | Low |
* Advisories that describe unexpected behavior from a supported configuration, not a code exploit
...