If you would like to report an issue you believe is security related, please notify comanage@sphericalcowgroup.com (this is an interim address until new procedures are established). Do not file a JIRA or email the users or developers lists, as those are all public. |
In general, you should always upgrade to the latest version of COmanage as soon as practical, upgrading a QA or test server first. The further behind you fall, the harder it will probably be to upgrade if a highly critical security advisory is released. Currently, the COmanage developers are unable to commit to providing security fixes for any version other than the latest release. Depending on the details of any given fix, it may or may not be plausible to backport fixes to earlier releases.
| Affected Releases | Severity | Exposure | Mitigations | Advisory |
|---|---|---|---|---|
| 0.9.4 and earlier | Unknown | Unknown | Upgrade to v1.0.0 or later | 2015-12-09 Registry Advisory |