Upgrade to OTRS version 5.0.32
Closed, ResolvedPublic

Description

Per

https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/

There is a vulnerability introduced in 5.0.31 (we upgraded in T209184) that could potentially allow from privilege escalation. I 've audited the code in https://github.com/OTRS/otrs/commit/7d3c56d5b9bb38207695dae174dbba89a132e7b9 and we are not vulnerable as we haven't run the upgrade script since when we upgraded to OTRS 5.x.

That being said, we should upgrade anyway since patch level upgrades are easy and it would minimize confusion for SREs and volunteers

Restricted Application added subscribers: Scoopfinder, Aklapper. · View Herald TranscriptNov 16 2018, 10:32 AM

Mentioned in SAL (#wikimedia-operations) [2018-11-16T10:39:00Z] <akosiaris> upgrade OTRS to 5.0.32 T209691

akosiaris triaged this task as Normal priority.Nov 16 2018, 10:49 AM
akosiaris closed this task as Resolved.

Upgrade done, resolving