Documentation

Installation and configuration

image1

Packaged versions

These versions are maintained under distribution umbrella following their policy.

Debian

Tip

Following Debian Policy, LL::NG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams (except some minor ones). See Security tracker

Debian dist   LL::NG version Secured Maintenance LTS Limit Extended LTS Limit
6 Squeeze 0.9.4.1 maybe No known vulnerability None February 2016 April 2019
7 Wheezy 1.1.2 maybe No known vulnerability None May 2018 June 2020
8 Jessie 1.3.3 maybe CVE-2019-19791 tagged as minor None [1] June 2020 Possibly 2024
9 Stretch 1.9.7 maybe CVE-2019-19791 tagged as minor Debian LTS Team June 2022 Possibly 2024
10 Buster 2.0.2 clean CVE-2019-19791 tagged as minor Debian Security Team June 2024 Possibly 2026
Buster-backports 2.0.14 maybe None September 2022  
Buster-backports-sloppy Adds libauthen-webauthn-perl only maybe None September 2022  
11 Bullseye 2.0.11 clean Debian Security Team July 2026 Possibly 2028
Bullseye-backports 2.0.14 clean LL::NG Team, “best effort” [3] July 2024  
Next Testing/Unstable Latest [5] clean LL::NG Team    

See Debian Security Tracker and Debian Package Tracker for more.

Ubuntu

Attention

Ubuntu version are included in “universe” branch [8], so not really security maintained. Prefer to use our repositories or Debian ones

Ubuntu dist   LL::NG version Secured Maintenance
12.04 Precise 1.1.2 maybe No known vulnerability None
14.04 Trusty 1.2.5 maybe No known vulnerability None
16.04 Xenial [9] 1.4.6 bad CVE-2019-12046, CVE-2019-13031 None
18.04 Bionic [9] 1.9.16 bad CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
20.04 Focal [9] 2.0.7 bad CVE-2020-24660, CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
20.10 Groovy 2.0.8 bad CVE-2020-24660, CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
21.04 Hirsute 2.0.11 bad CVE-2021-35472, CVE-2021-35473, CVE-2021-40874 None
22.04 Jammy 2.0.13 bad CVE-2021-40874 None

Bug report

See Reporting a bug.

Development

image13

git clone https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git

Other

image14

[1]Possible Extended LTS
[3]updated by LL::NG Team until dependencies are compatible. Don’t use backports unless you plan to update your system because backports are not covered by Debian Security Policy
[5]few days after release
[8]Ubuntu universe/multiverse branches are community maintained (so not maintained by Canonical), but in fact nobody considers LL::NG security issues. See this issue for example
[9](1, 2, 3) LTS