Discussion:
[Proftpd-user] ProFTPd 1.3.3g
Juan Arias
2016-02-26 06:20:30 UTC
Permalink
Hi, we have installed ProFTPd 1.3.3g in our environment, and I wanted to check if this version is currently being maintained. Our Risk team has raised a concern that this might not be the currently maintained version, and therefore we could be exposing ourselves to security risks. I wanted to find information about this, since it seems that the current release is the 1.3.5 branch, but I couldn't find anything that would tell me if the version that we are using is still being maintained or not. Can you please kindle provide advise on this matter? Are we still going to get backported security patches to the version that we are using? Or are we putting ourselves at risk by not migrating to 1.3.5x
Many thanks,JA
Alex Domoradov
2016-02-26 17:02:32 UTC
Permalink
You should read - http://www.proftpd.org/docs/howto/Versioning.html

On Fri, Feb 26, 2016 at 8:20 AM, Juan Arias <***@hotmail.com> wrote:

> Hi, we have installed ProFTPd 1.3.3g in our environment, and I wanted to
> check if this version is currently being maintained. Our Risk team has
> raised a concern that this might not be the currently maintained version,
> and therefore we could be exposing ourselves to security risks. I wanted to
> find information about this, since it seems that the current release is the
> 1.3.5 branch, but I couldn't find anything that would tell me if the
> version that we are using is still being maintained or not. Can you please
> kindle provide advise on this matter? Are we still going to get backported
> security patches to the version that we are using? Or are we putting
> ourselves at risk by not migrating to 1.3.5x
>
> Many thanks,
> JA
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> ProFTPD Users List <proftpd-***@proftpd.org>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
>
Juan Arias
2016-02-28 20:40:18 UTC
Permalink
Many thanks for your answer, from what I understand by reading that page, is that the versions that are currently being maintained by the proftpd team are the maintenance branch (currently 1.3.5a) and the current trunk (1.3.6rc1). Therefor, if a security bug is found in the version that we are using (1.3.3g), it will be fixed in the maintenance branch (1.3.5) but not backported to 1.3.3, as this branch is currently unsupported. Is this correct?
Thanks

You should read - http://www.proftpd.org/docs/howto/Versioning.html

On Fri, Feb 26, 2016 at 8:20 AM, Juan Arias <***@...> wrote:

> Hi, we have installed ProFTPd 1.3.3g in our environment, and I wanted to
> check if this version is currently being maintained. Our Risk team has
> raised a concern that this might not be the currently maintained version,
> and therefore we could be exposing ourselves to security risks. I wanted to
> find information about this, since it seems that the current release is the
> 1.3.5 branch, but I couldn't find anything that would tell me if the
> version that we are using is still being maintained or not. Can you please
> kindle provide advise on this matter? Are we still going to get backported
> security patches to the version that we are using? Or are we putting
> ourselves at risk by not migrating to 1.3.5x
>
> Many thanks,
> JA
From: ***@hotmail.com
To: proftp-***@lists.sourceforge.net
Subject: RE: ProFTPd 1.3.3g
Date: Fri, 26 Feb 2016 08:20:30 +0200




Hi, we have installed ProFTPd 1.3.3g in our environment, and I wanted to check if this version is currently being maintained. Our Risk team has raised a concern that this might not be the currently maintained version, and therefore we could be exposing ourselves to security risks. I wanted to find information about this, since it seems that the current release is the 1.3.5 branch, but I couldn't find anything that would tell me if the version that we are using is still being maintained or not. Can you please kindle provide advise on this matter? Are we still going to get backported security patches to the version that we are using? Or are we putting ourselves at risk by not migrating to 1.3.5x
Many thanks,JA
TJ Saunders
2016-02-29 00:01:28 UTC
Permalink
> Many thanks for your answer, from what I understand by reading that page,
> is that the versions that are currently being maintained by the proftpd
> team are the maintenance branch (currently 1.3.5a) and the current trunk
> (1.3.6rc1). Therefor, if a security bug is found in the version that we
> are using (1.3.3g), it will be fixed in the maintenance branch (1.3.5)
> but not backported to 1.3.3, as this branch is currently unsupported. Is
> this correct?

Yes, that's correct.

Cheers,
TJ

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
ProFTPD Users List <proftpd-***@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Loading...