
Ubuntu 18.04.2 LTS Released - slyrus
https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes/ChangeSummary/18.04.2
======
dcminter
I for one would very much like to see this bug in 18.04 fixed as a priority:

[https://bugs.launchpad.net/ubuntu/+source/openjdk-
lts/+bug/1...](https://bugs.launchpad.net/ubuntu/+source/openjdk-
lts/+bug/1796027)

The Java 11 package installs Java 10. This was supposed to be a short term
hack (because Ubuntu's long term supported version 18.04 was being released
shortly before Java's long term supported version 11) but it's been a good
while now - six months or so.

The short term support version 18.10 of Ubuntu has Java 11 so it's very non-
obvious what the blocker is.

To me this seems like a really poor choice. The result of installing the Java
11 package but getting Java 10 _clearly_ fails the principle of least
astonishment. If we can live without the fix a quarter of the way to the next
LTS edition of Ubuntu then we could have lived with Java 10 as the preferred
(and correctly named) package in the first place.

Meanwhile the bug asks us not to spam with requests for updates yet there's no
suggestion of where we can go to gauge what the timescales we're up against
are.

It definitely dents my confidence in Ubuntu as a well organised distribution.

~~~
pram
Reminds me of when they replaced ffmpeg with avconv. As in, installing
'ffmpeg' would give you something completely different.

~~~
pjmlp
Or when the proprietary Broadcom driver was replaced by open source version,
although it was still lacking in features and we had to use LAN cable for
about 6 months until it reached feature parity.

------
powersj
This is not an official announcement and it has not been officially declared
released or ISOs updated.

The last official comment was it was delayed till Thursday, Feb. 14:

[https://lists.ubuntu.com/archives/ubuntu-
release/2019-Februa...](https://lists.ubuntu.com/archives/ubuntu-
release/2019-February/004694.html)

Those preparing the release will update release notes and fixed bug lists
(like this one) before the release.

~~~
powersj
The official release announcement is now out:

[https://lists.ubuntu.com/archives/ubuntu-
release/2019-Februa...](https://lists.ubuntu.com/archives/ubuntu-
release/2019-February/004702.html)

------
clinta
I wish there was some announcement about when HWE kernels will be available
for 18.04. This page has not yet been updated.

[https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack#Ker...](https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack#Kernel.2FSupport-1.A18.04.x_Ubuntu_Kernel_Support)

------
slyrus
Apparently 18.04.2 LTS has been released, as that's what my box reports
running now. I don't see any clear announcements of the actual release, but
perhaps they're just hard to find on the various ubuntu wiki/planet/mailing
list/etc... sites.

~~~
Lorkki
It should make no difference to an existing installation. The point releases
to LTS really just mean that the installer images are kept up to date.

~~~
copperx
So that means that if my system says it's version 18.04.1 and reports "your
system is up to date", then I am up to date?

~~~
gerdesj
If you have done apt update and apt upgrade recently followed by a reboot then
it will show .2 on login. I have just confirmed this on a VM.

------
jake_the_third
Does it include the fix for apt's recent mirror redirect vulnerability? If
not, any update to a fresh system would be trivially susceptible to a MITM
attack if redirects aren't disabled. This includes docker images as well:
[https://justi.cz/security/2019/01/22/apt-
rce.html](https://justi.cz/security/2019/01/22/apt-rce.html)

Canonical really should enable https as an additional layer of protection.
This isn't the first time a bug in apt's authentication was found and it's
unlikely that this bug will be the last.

~~~
powersj
Fixed in January: [https://people.canonical.com/~ubuntu-
security/cve/2019/CVE-2...](https://people.canonical.com/~ubuntu-
security/cve/2019/CVE-2019-3462.html)

edit: the updated, point release ISOs will have the fix

