From db75522ec793f24440b07bd092293a56785a46a4 Mon Sep 17 00:00:00 2001 From: Mike McLean Date: Oct 09 2019 14:54:57 +0000 Subject: clarify fixed/affected versions --- diff --git a/docs/source/CVE-2019-17109.rst b/docs/source/CVE-2019-17109.rst index 87ac142..9784167 100644 --- a/docs/source/CVE-2019-17109.rst +++ b/docs/source/CVE-2019-17109.rst @@ -22,7 +22,8 @@ fixed version as soon as possible. Bug fix ------- -We are releasing updates for each affected version of Koji to fix this bug. +We are releasing updates for affected versions of Koji from within the +past two years. The following releases all contain the fix: - 1.18.1 @@ -33,6 +34,9 @@ The following releases all contain the fix: Note: the legacy-py24 branch is unaffected since it is client-only (no hub). +Anyone using a Koji version older than two years should update to a more +current version as soon as possible. + For users who have customized their Koji code, we recommend rebasing your work onto the appropriate update release. Please see Koji `issue #1634 `_ for the code details.