
Security-Issue: Where is the new version 1.13 ?

Posted: 24 Dec 2011 05:27
by loser
Hi

first: I don't wanna piss anybody off
... but I have a simple question concerning the security of the vlc-Player:

A few days ago I read some news that there was a security-hole in vlc (http://www.videolan.org/security/sa1108.html) that was exploitable thru videos on websites if you use the vlc-Browser-Plugin...
When I tried to download the new version I found out that there is still 1.1.11 offered at the front page of the vlc-Project-website...

Sorry, like I said before, I don't wanna piss anybody off, who develops software for free, but why does it take so long to offer the new version... It's just a build job... or am I wrong...?
I like vlc and have recommended it for non-nerds to use, because it's a neat piece of software...
but why are you still distributing the old vulnerable version although the patch for this problem already exists? (http://download.videolan.org/pub/videol ... .13/win32/)...
Or am I wrong here and I'm missing sth...??? Why isn't the build-job started immediately after the patch exists?

Re: Security-Issue: Where is the new version 1.13 ?

Posted: 24 Dec 2011 19:27
by Jean-Baptiste Kempf
Just take the dll and replace the old one with the new one...

Re: Security-Issue: Where is the new version 1.13 ?

Posted: 25 Dec 2011 03:44
by loser
hmmm.... to be honest.... that doesn't answer my question why a vulnerable version is still distributed.... !
And yeah: I've seen that there is a new version!
And yeah: Thank you!

But it's a general question (not just about this release)!

You know: I think many people take constructive criticism personally... although imho asking questions .. (and getting answers...) is the only way of improving sth....
but probably you don't see the need to improve sth, because vlc is already a huge success whether you will release future versions instantly or as "dll-update" won't change anything...
... but why not make a good thing better...or more user friendly... or easier to use for non-nerds ;-) ???
When I read your answer I had the impression that you either have good reasons for the "dll-release" and you are too bugged out to give details, or you are personally offended by criticism (although it was meant to be constructive criticism) from someone (me) who hasn't done anything for your project and just "complains" a lot...

whatever...

you probably won't answer anyway, although I would appreciate it...

Live long and prosper

loser

Re: Security-Issue: Where is the new version 1.13 ?

Posted: 26 Dec 2011 15:12
by Rémi Denis-Courmont
I think it's more trivial: making binary releases is slow, tedious and boring. Nobody likes to do that on his/her free time, and nobody gets paid to do it either.