Dear Community,
As you are aware, the following current patch releases contain Embargoed security fixes:
- 2.34.7-EMBARGOED
- 2.35.8-EMBARGOED
- 2.36.4-EMBARGOED
Now that all patches containing the related security fixes are available we plan to disclose the issues, including releasing the fixes into our public open-source repository, in accordance with our vulnerability disclosure policy.
The disclosure will be made on Wednesday 27 October, one week from this announcement!
We strongly encourage you to update to the EMBARGOED versions prior to the disclosure to avoid continuing to run a system with disclosed vulnerabilities.
When we disclose, we will re-tag the currently embargoed releases without the -EMBARGOED
suffix.
Yours,
The DHIS2 Release Team