Documentation

Installation and configuration

image1

Packaged versions

These versions are maintained under distribution umbrella following their policy.

Debian

Tip

Following Debian Policy, LLNG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams (except some inor ones). See Security tracker

Debian dist   LLNG version Secured Maintenance LTS Limit Extended LTS Limit
6 Squeeze 0.9.4.1 maybe No known vulnerability None February 2016 April 2019
7 Wheezy 1.1.2 maybe No known vulnerability None May 2018 June 2020
8 Jessie 1.3.3 clean CVE-2019-19791 tagged as minor None [1] June 2020 June 2022
9 Stretch 1.9.7 clean CVE-2019-19791 tagged as minor Debian LTS Team June 2022 Probably 2024
Stretch-backports 2.0.2 bad CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 None June 2019  
Stretch-backports-sloppy 2.0.11 maybe None August 2021  
10 Buster 2.0.2 clean CVE-2019-19791 tagged as minor Debian Security Team June 2024 Probably 2026
Buster-backports 2.0.11 clean None August 2021  
Buster-backports-sloppy 2.0.11 clean LLNG Team, “best effort” [3] Until Debian 12 release [4]  
11 Bullseye 2.0.11 clean Debian Security Team July 2026 Probably 2028
Bullseye-backports 2.0.11 clean LLNG Team, “best effort” [3] Until Debian 12 release [4]  
Next Testing/Unstable Latest [5] clean LLNG Team    

See Debian Security Tracker and Debian Package Tracker for more.

Ubuntu

Attention

Ubuntu version are included in “universe” branch [8], so not really security maintained. Prefer to use our repositories or Debian ones

Ubuntu dist   LLNG version Secured Maintenance
12.04 Precise 1.1.2 maybe No known vulnerability None
14.04 Trusty 1.2.5 maybe No known vulnerability None
16.04 Xenial [9] 1.4.6 bad CVE-2019-12046, CVE-2019-13031 None
18.04 Bionic [9] 1.9.16 bad CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
20.04 Focal [9] 2.0.7 bad CVE-2020-24660, CVE-2021-35472, CVE-2021-35473 None
20.10 Groovy 2.0.8 bad CVE-2020-24660, CVE-2021-35472, CVE-2021-35473 None
21.04 Hirsute 2.0.11 bad CVE-2021-35472, CVE-2021-35473 None

Bug report

See Reporting a bug.

Development

image13

git clone https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git

Other

image14

[1]Possible Extended LTS
[3](1, 2) updated by LLNG Team until dependencies are compatible. Don’t use backports unless you plan to update your system because backports are not covered by Debian Security Policy
[4](1, 2) around July 2023
[5]few days after release
[8]Ubuntu universe/multiverse branches are community maintained (so not maintained by Canonical), but in fact nobody considers LLNG security issues. See this issue for example
[9](1, 2, 3) LTS