Why has the Trusty version (2:2.8.4-2) not been bumped to address security vulnerabilities
Asked by
aren55555
Hi all,
I was wondering why the Trusty Redis package version is still 2.8.4. There seem to have been a number of incremental 2.8.x redis versions that have been released since 2.8.4 in Jan 2014. The most recent 2.8.x release being 2.8.24 released in Dec 2015.
A number of the versions address "Critical" security issues; 2.8.21 introduced a fix to the "Redis EVAL Lua Sandbox Escape" detailed here http://
I am wondering if the Trusty packages will be updated? If shown how I could likely take a stab at this myself.
Aren
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu redis Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- aren55555
- Solved:
- Last query:
- Last reply:
To post a message you must log in.