[freifunk-public] Critical vulnerability in Gluon - Bugfix release on Thursday, 2022-05-05

[Ralf Jung]

Hallo allerseits,

eine neue Firmware mit dem Fix für die unten genannte Sicherheitslücke ist jetzt 
auf dem experimental-Zweig. Ich würde sie gerne möglichst schnell auf stable tun.
Wenn also ein paar von euch ihre Knoten per SSH "autoupdater -f -b experimental" 
aktualisieren könnten und schauen würden, ob danach noch alles geht, das wäre 
super. :)

Viele Grüße,
Ralf

On 03.05.22 14:06, TheGoliath via freifunk-public wrote:
> Hi everyone,
> 
> we have recently found a critial security vulnerability in Gluon, making a
> timely update of all nodes necessary.
> 
> The bugfix has not been pushed to the public Gluon repository yet to avoid
> disclosing information on this issue. A detailed advisory will be published
> at the same time as Gluon 2021.1.2, which will contain the fix.
> 
> The release is scheduled for the evening of Thursday, 2022-05-05. As all
> previous Gluon releases are affected, we will also provide bugfix backports
> for various older release branches that are still in use, regardless of
> end-of-life status.
> 
> -- NeoRaider
> 
> Source:https://lists.freifunk.net/pipermail/firmware-devel-freifunk.net/2022-May/000240.html
> 
> I just wanted to send a quick heads up to all Freifunk & Funkfeuer communities, although there
> will be some that don't use Gluon as their base firmware.This is also a good time to consider
> updating to the latest 2021.1.x version of Gluon, as a significant number of
> communities are still running on older versions.
> 
> Further documentation can be found here:https://gluon.readthedocs.io/en/latest/
> 
> If you have any questions, please feel free to join IRC (see:https://gluon.readthedocs.io/en/latest/dev/basics.html).
> 
> Kind regards,
> TheGoliath
> 
>