Pre-announcement of a BIND security issue scheduled for disclosure 18 August 2021

Michael McNally mcnally at isc.org
Mon Aug 16 08:39:03 UTC 2021


Hello --

Last year we began experimenting with a new policy of pre-notification
concerning upcoming security releases, based on efforts we had seen from
other open-source projects.

All of the feedback we received regarding this policy has been positive
and supportive and consequently we have tried to continue the practice
whenever practical.

We are therefore writing to inform you that the August 2021
BIND maintenance releases that will be released on Wednesday,
18 August, will contain a patch for a security vulnerability
(affecting only the BIND 9.16.x and 9.17.x release branches;
the BIND 9.11.x release sequence is not affected.)

Further details about that vulnerability will be publicly disclosed
at the time the releases are published.  It is our hope that this
pre-announcement will aid BIND operators in preparing for that
disclosure when it occurs.

Michael McNally
ISC Security Officer

P.S.:  if you have feedback or questions concerning this policy,
kindly direct them to security-officer at isc.org


More information about the bind-announce mailing list