On 2/15/21 7:56 PM, Chris Lamb wrote: > Hi Thomas, > >> There's been some serious security issues in OVS recently. My >> recommendation to the LTS team would be to simply upgrade to the latest >> point release for the given distribution. For example, Stretch has >> 2.6.2~pre+git20161223-3. I would advise upgrading to 2.6.10. Anything >> older than Stretch doesn't have any upstream support. > > This is a good idea. My only concern, of course, is regarding > regressions — the diff between the two upstream tarballs in question > is 156MB, although from a quick glance this is admittedly mostly test > and autotools related changes. > > Can you vouch for upstream making sensible/reasonable decisions > between these minor releases? That would be necessary for a > hypothetical 2.6.11 too.
Hi, Upstream indeed only fixes bugs in the stable branches without adding features, and a few times, after I encounter bugs (OVS crash in my case, for the 2.10.0 currently in Buster), upgrading to the tip of the stable branch fixed my cluster. That's why the last CVE fix I uploaded are just an upgrade to the latest point release from upstream. Cheers, Thomas Goirand (zigo)
