New BIND releases are available: 9.18.28, 9.20.0
    Adam Augustine 
    augustineas at gmail.com
       
    Tue Jul 23 20:05:03 UTC 2024
    
    
  
Ah, thank you! I knew I was missing something. The mailing list should
have been my first place to look. I should have specified
"site:lists.isc.org/pipermail/bind-users/" in my searches.
To summarize the thread Ondřej referenced, this bit from Michał Kępień
explains the plan:
"While I don't have a specific date for you, we plan to do such a
"rollover" again when BIND 9.20.1 or 9.20.2 gets released, i.e. in about
2-3 months from now.  We will definitely roll all three repositories at
the same time, i.e.:
  - "bind-esv" will move from 9.16 to 9.18,
  - "bind" will move from 9.18 to 9.20,
  - "bind-dev" will move from 9.19/9.20 to 9.21."
Then this paragraph from Ondřej Surý himself:
"The current plan is that on next Wednesday (next week)
[ed:2024-06-26], the bind-esv repositories will
be bumped from 9.16 to 9.18, the 'bind' repository will stay on 9.18
until 9.20 is released,
and we'll probably stick with Michał's plan to do the bump around
9.20.1 or 9.20.2 release,
probably mid 9.20.1-9.20.2 release cycle as you suggested."
So we will look for 9.20.1 or .2 in the isc/bind repo in the next few
months. The update plan is very sensible to me.
Thanks again! You are doing great work.
On Tue, Jul 23, 2024 at 11:32 AM Ondřej Surý <ondrej at isc.org> wrote:
>
> Hi Adam,
>
> this was discussed a month ago:
>
> https://lists.isc.org/pipermail/bind-users/2024-June/108638.html
>
> and we were basically asked to make the bumps in the repositories to not follow the releases.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
>
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>
> > On 23. 7. 2024, at 10:17, Adam Augustine <augustineas at gmail.com> wrote:
> >
> > First, thank you all for the hard work you do on BIND.
> >
> > What is the proper mapping of "Current Stable, ESV", "Development", and "New Stable" BIND versions to their respective COPR repos? I feel like it should be obvious, but I am missing something.
> >
> > I think I expected 9.18.28 to appear in isc/bind-esv with this release (which it does) and for 9.20.0 to appear in isc/bind (which it doesn't, as far as I can tell anyway). 9.18.28 does appear in isc/bind as well as in isc/bind-esv, which seems reasonable (though the "07776636-isc-bind-bind" directory is hidden in isc/bind, it is accessible and referenced in the respective repo xml files). I recognize that a direct upgrade from 9.18 to 9.20 for those on the isc/bind repo might be a bit surprising at this point, despite the very clear messaging about how the versioning is meant to work, but at the same time, I wouldn't expect we want people using the isc/bind-dev repo to get 9.20.0 for production use either.
> >
> > I don't recall how this transition was handled for 9.16->9.18, but if I recall it seemed like it just magically worked for us. But back then we weren't as aggressive about updating as we are now. I probably just missed some explanation somewhere about how the transition is meant to be handled, but my searches aren't returning anything specific to this situation. Speaking of which, is there an equivalent to the https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918 article for 9.18->9.20?
> >
> > We have already upgraded most of our systems to 9.18.28, but want to move to 9.20.0 soon, but aren't certain the right way forward.
> >
> > Thanks again for this release. I know refactoring code is extremely challenging and doesn't get the praise it deserves.
> >
> > On Tue, Jul 23, 2024 at 7:30 AM Victoria Risk <vicky at isc.org> wrote:
> > BIND users-
> >
> > Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available and can be downloaded from the ISC software download page, https://www.isc.org/download.
> >
> > In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076), about which more information is provided in the following Security Advisories:
> >
> >     https://kb.isc.org/docs/cve-2024-0760
> >     https://kb.isc.org/docs/cve-2024-1737
> >     https://kb.isc.org/docs/cve-2024-1975
> >     https://kb.isc.org/docs/cve-2024-4076
> >
> > A summary of significant changes in the new releases can be found in their release notes:
> >
> >   - Current supported stable branches:
> >
> >     9.18.28 - https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html
> >     9.20.0  - https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html
> >
> > We also have a nice blog post from Ondřej Surý on the 9.20.0 release, including performance testing results (https://www.isc.org/blogs/2024-bind920/).
> >
> > ---
> > Please Note:
> >
> > To create an effective mitigation for CVE-2024-1737 we have introduced two new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them. We therefore recommend reading this KB article,
> > https://kb.isc.org/docs/rrset-limits-in-zones, in case you need to change the defaults to suit your specific operational environment.
> >
> > We recommend that users planning to upgrade from the EOL 9.16 branch read the following document first:
> >
> >     https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
> >
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
    
    
More information about the bind-users
mailing list