RDM DVLS: version challenges

We are running RDM 2024.1.32 and DVLS 2024.1.14.

I noticed that DEVO-2024-0008 requires the installation of RDM 2024.2.8.0. The most recent stable version of DVLS is 2023.3.18.0. The General version of DVLS is 2024.2.3.0.

As a regulated organization with mature vulnerability management processes, we try to address security issues in a timely manner. In this case, we would need to update DVLS to a fairly new release, which makes me uncomfortable.

Are there considerations about how to allow a version difference between RDM and DVLS?

All Comments (4)

Hello,

Thanks for contacting Devolutions.

We understand the challenge; let me see if there is something we can do.
On a side note, the CVE you're referring to only affects Vaults using a Master Password (see more here: https://docs.devolutions.net/server/web-interface/administration/security-management/vaults/security/).

If you're not using this feature, this CVE will not affect you.

I hope this helps!

Best regards,

Alex Belisle

Thanks for pointing out the master password point. I glossed over that when reading it.
At least I can get the Vulnerability team off my back.

Hello again!

It seems like the remediation is 2024.1.32; we'll work on clarifying this...
Either way, you're good to go!

Best regards,

Alex Belisle

I was also facing the same information, thank you.