Documentation

Installation and configuration

image1

Packaged versions

These versions are maintained under distribution umbrella following their policy.

Debian

<note tip>Following Debian Policy, LLNG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams (except minor ones).</note>

Debian dist   LLNG version Secured Maintenance LTS Limit Extended LTS Limit
6 Squeeze 0.9.4.1 maybe No known vulnerability None February 2016 April 2019
7 Wheezy 1.1.2 maybe No known vulnerability None [1] May 2018 Probably 2021
8 Jessie 1.3.3 clean CVE-2019-19791 tagged as minor None [1] June 2020 Probably 2023
9 Stretch 1.9.7 clean CVE-2019-19791 tagged as minor Debian LTS Team June 2022  
Stretch-backports 2.0.2 bad CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 None June 2019  
Stretch-backports-sloppy 2.0.10 clean LLNG Team, “best effort” [3] Until Debian 11 release [4]  
10 Buster 2.0.2 clean CVE-2019-19791 tagged as minor Debian Security Team Probably July 2024  
Buster-backports Latest [5] clean LLNG Team Until next Debian release [4]  
Next Testing Latest [5] clean LLNG Team    

See Debian Security Tracker and Debian Package Tracker for more.

Ubuntu

<note warning>Ubuntu version are included in “universe” branch [8], so not really security maintained. Prefer to use our repositories or Debian ones</note>

Ubuntu dist   LLNG version Secured Maintenance
12.04 Precise 1.1.2 maybe No known vulnerability None
14.04 Trusty 1.2.5 maybe No known vulnerability None
16.04 Xenial [9] 1.4.6 bad CVE-2019-12046, CVE-2019-13031 None
18.04 Bionic [9] 1.9.16 bad CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
18.10 Cosmic 1.9.17 bad CVE-2019-12046, CVE-2019-13031, CVE-2020-24660 None
19.04 Disco 2.0.2 bad CVE-2019-12046, CVE-2019-13031, CVE-2019-15941, CVE-2020-24660 None
19.10 Eoan 2.0.5 bad CVE-2019-15941, CVE-2020-24660 None
20.04 Focal [9] 2.0.7 bad CVE-2020-24660 None
20.10 Groovy 2.0.8 bad CVE-2020-24660 None

Bug report

See Reporting a bug.

Development

image13

git clone https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng.git

Other

image14

[1](1, 2) Possible Extended LTS
[3]updated by LLNG Team until dependencies are compatible
[4](1, 2) around June 2021
[5](1, 2) few days after release
[8]Ubuntu universe/multiverse branches are community maintained (so not maintained by Canonical), but in fact nobody considers LLNG security issues. See this issue for example
[9](1, 2, 3) LTS