Update to ISC's Security Policy

After observing the use of this practice by some other open source projects, we here at ISC have decided to amend our security policy to allow, at our discretion, limited pre-announcement of pending security vulnerability disclosures. Full details are available in our ISC Software Defect and Security Vulnerability Disclosure Policy.

This is our first experiment with the new practice and by making this pre-announcement we wish to inform the BIND user community that the maintenance releases scheduled for Tuesday, May 19, 2020 will contain security fixes for two separate (unrelated) security vulnerabilities.

Further details about the vulnerabilities will be publicly disclosed at the time the releases are published next Tuesday. It is our hope that this pre-announcement will aid BIND operators in planning to respond to that disclosure when it occurs.

If your organization is not already an ISC customer receiving Advance Security Notifications (ASNs) up to five days before vulnerabilities are publicly announced, you may wish to contact us for more information about this valuable security service.

If you have feedback or questions concerning this new policy, please direct them to security-officer@isc.org.

Recent Posts

What's New from ISC

Fall 2022 DNS Webinars

Aliasing in the DNS and HTTPS/SCVB RRs It would be very handy to be able to establish an alias for an apex record in the DNS.

Read post
Next post: Stork 0.7 Released