If you would like to report an issue you believe is security related, please notify comanage@sphericalcowgroup.com (this is an interim address until new procedures are established). Do not file a JIRA or email the users or developers lists, as those are all public.
In general, you should always upgrade to the latest version of COmanage as soon as practical, upgrading a QA or test server first. The further behind you fall, the harder it will probably be to upgrade if a highly critical security advisory is released. Currently, the COmanage developers are unable to commit to providing security fixes for any version other than the latest release. Depending on the details of any given fix, it may or may not be plausible to backport fixes to earlier releases.
Security Advisories
| Advisory | Affected Releases | Severity | Exposure |
|---|---|---|---|
| 2015-12-09 Registry Advisory | 0.9.4 and earlier | Unknown | Unknown |
Severities
- Very High: Remotely exploitable without authentication
- High: Exploit requires authentication as any user
- Medium: Exploit requires authentication as any administrator
- Low: Exploit requires authentication as a platform administrator, or requires command line login access to server