Recent Server Releases

Laurence Field

Dec 20, 2024, 9:40:47 AM
to boinc_projects
Some of you may be wondering why there have been so many server releases
over the past week. The LHC@home project recently caught the attention
of security researchers actively searching for vulnerabilities.

As soon as we received these reports, they were promptly shared with
David, who addressed them swiftly—many thanks to him for this. When a
Pull Request is created, it effectively serves as a public disclosure.
This makes it crucial to prepare server releases so that projects can
review the change and decide on their course of action.

When we received the first report, we reacted quickly. However, the
reports have continued to come in, resulting in frequent releases. Had
we known from the start that additional reports would follow, we could
have bundled them into a single release.

Each time a release is prepared, the reported vulnerability is
reproduced, the fix is applied to the LHC@home development and
production environments, and the update is verified to ensure the
service functions correctly after the patch.

Given that more reports are being received, it would be better to wait
and address them in a single release once we are confident we have
accounted for all known issues.

Please feel free to share any comments or feedback with me.

Laurence



