UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

So the million dollar question to everyone..when and should I upgrade from 9.351-3 to the latest? reading through all this gives me nightmares.

nf said:

So the million dollar question to everyone..when and should I upgrade from 9.351-3 to the latest? reading through all this gives me nightmares.

Million dollar answer -> wait for a 9.352 fixed up2date release....[;)]

yep, thanks

Considering the XSS vulnerability discussed here www.heise.de/.../Sicherheitspaket-UTM-von-Sophos-loechrig-3044717.html you would have thought that sophos would patch this pretty quickly. Not sure how the vulnerability is exploited, but I would make sure that my webadmin is not listening on ANY or INTERNET facing interfaces just to be safe.
First a half baked update and now I am assuming its holiday season at sophos HQ. Releasing a patch obtainable via support only was great for paying customers but sophos will get just as much of a black eye if someone's home installation gets hacked due to the XSS exploit.

Considering the XSS vulnerability discussed here www.heise.de/.../Sicherheitspaket-UTM-von-Sophos-loechrig-3044717.html you would have thought that sophos would patch this pretty quickly. Not sure how the vulnerability is exploited, but I would make sure that my webadmin is not listening on ANY or INTERNET facing interfaces just to be safe.
First a half baked update and now I am assuming its holiday season at sophos HQ. Releasing a patch obtainable via support only was great for paying customers but sophos will get just as much of a black eye if someone's home installation gets hacked due to the XSS exploit.