[rsyslog] rsyslog 3.21.8 (v3-beta) released - IMPORTANT SECURITY RELEASE
Florian Riedl
friedl at hq.adiscon.com
Thu Dec 4 13:34:08 CET 2008
Hi all,
We have just released rsyslog 3.21.8, a member of the v3-beta branch.
Most importantly, this release addresses a security vulnerability the
renders the $AllowedSender directive useless. This issue has already
been discussed here on the list. In addition to this, the release also
contains all the bug fixes and enhancements from the stable release
3.20.1.
Security Advisory:
http://www.rsyslog.com/Article322.phtml
Download:
http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-142.phtml
Change Log:
http://www.rsyslog.com/Article326.phtml
All users are advised to update to this release. It is urgently
recommended not only for those that would be vulnerable to the security
issue but also to anyone using TLS-based communications.
Releases for the devel branch will hopefully be posted later today. The
git archive has all relevant patches if someone has an urgent need.
As always, feedback is appreciated. We hope this release will be useful.
Florian Riedl
--
Support
=======
Improving rsyslog is costly, but you can help! We are looking for
organizations that find rsyslog useful and wish to contribute back. You
can contribute by reporting bugs, improve the software, or donate money
or equipment.
Commercial support contracts for rsyslog are available, and they help
finance continued maintenance. Adiscon GmbH, a privately held German
company, is currently funding rsyslog development. We are always looking
for interesting development projects. For details on how to help, please
see http://www.rsyslog.com/doc-how2help.html .
More information about the rsyslog
mailing list