Page MenuHomePhabricator

Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.2 security release
Closed, ResolvedPublic

Description

Previous work T181665: Tracking bug for 1.27.5/1.29.3/1.30.1/1.31.1 security release

Tracking bug for next security release

Maniphest IDCVE IDREL1_27REL1_30REL1_31REL1_32REL1_33master
T204729CVE-2019-12473mergedmergedmergedmergedmergedmerged
T25227CVE-2019-12466mergedmergedmergedmergedmergedmerged
T207603CVE-2019-12471mergedmergedmergedmergedmergedmerged
T221739CVE-2019-11358 (upstream)
T197279CVE-2019-12468
T208881n/a
T209794CVE-2019-12467
T199540CVE-2019-12472
T212118CVE-2019-12474
T222036CVE-2019-12469
T222038CVE-2019-12470

Related Objects

Event Timeline

Reedy created this task.Sep 20 2018, 9:55 PM
Reedy created this object with visibility "Custom Policy".
Reedy renamed this task from Tracking bug for 1.27.6/1.30.2/1.31.2 security release to Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.1 security release.Feb 13 2019, 2:24 AM
Legoktm added a subtask: Restricted Task.Mar 8 2019, 10:29 PM
Aklapper renamed this task from Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.1 security release to Tracking bug for 1.27.6/1.31.2/1.32.1 security release.Mar 18 2019, 12:30 AM
Aklapper edited projects, added MW-1.32-release; removed MW-1.30-release.
Reedy added a comment.EditedMar 18 2019, 1:03 AM

@Aklapper Although 1.30 is unsupported, I suspect pressure will be for us to release a 1.30.2 with both security and maintenance releases (like we had with 1.29 IIRC), because of things already backported...

That, and there wasn't any sort of final 1.30 release around the time of it going EOL...

Aklapper renamed this task from Tracking bug for 1.27.6/1.31.2/1.32.1 security release to Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.1 security release.Mar 18 2019, 1:43 AM
Aklapper added a project: MW-1.30-release.

meh

greg added a subscriber: greg.Apr 9 2019, 10:59 PM
Rxy added a subscriber: Rxy.Apr 30 2019, 3:53 PM
Reedy triaged this task as High priority.Apr 30 2019, 4:00 PM
Reedy renamed this task from Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.1 security release to Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.2 security release.Apr 30 2019, 6:28 PM
Reedy updated the task description. (Show Details)May 28 2019, 2:50 PM
Reedy updated the task description. (Show Details)May 28 2019, 2:53 PM
Reedy updated the task description. (Show Details)May 28 2019, 2:55 PM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)May 28 2019, 3:00 PM
Reedy updated the task description. (Show Details)May 28 2019, 3:07 PM
Reedy updated the task description. (Show Details)May 28 2019, 3:20 PM

1.30 went EOL in December 2018; are you still planning the release for that branch?

Reedy added a comment.May 28 2019, 9:43 PM

1.30 went EOL in December 2018; are you still planning the release for that branch?

I am. It hasn't been formally EOL'd (no announcement or anything beyond possibly wiki document updates), and there are outstanding maintenance patches that are unreleased on the branch.

I can't remember where the discussion was offhand, but the jist of it was it's a bit "unfair" and messy that we hadn't made a release out of it. Which I think was fair enough, and still stands here

And I think sending a REL1_30 EOL announcement now/today (ish) and then a security release within the next week is somewhat of a dick move. I therefore to plan to EOL REL1_30 in this point release, like I did with REL1_29 in the 1.29.3 release announcement

Hopefully, the effort for backporting to REL1_30 should be minimal, as such I'll just do it with the rest of these

Basically, we need to get more proactive at doing maintenance (and security!) releases, and these should probably co-incide with EOL announcements too (I know, preaching to the choir)

Reedy updated the task description. (Show Details)May 28 2019, 10:47 PM

Completely untested... But this does RELEASE-NOTES, bumping and the "next" commit for the relevant branches that will be continuing. Saving here as WIP until a couple of other tasks/commits are dealt with.

Feel free to help test/review these. I've not had a look for any usages of "new" functions that might not be in 1.27/1.30 (and potentially even 1.31 and 1.32)

Reedy removed a subtask: Restricted Task.May 28 2019, 11:58 PM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)May 30 2019, 5:30 PM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Jun 5 2019, 9:08 PM
Reedy closed this task as Resolved.Jun 6 2019, 3:58 PM
Reedy claimed this task.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett moved this task from Backlog to Done on the Security-Team board.Jun 11 2019, 6:28 PM