Hi
I normally do not announce new releases via our -user and -dev mailing lists.
This time, the situation is special.
Active users of cups-x2go should update as soon as possible due to the security fixes implemented in the new version.
Non-active users of cups-x2go do not need to take immediate action, but are likewise encouraged to update. To make sure that cups-x2go is not being used, you can remove user accounts from the group fuse (or whatever is appropriate for your distribution.) As cups-x2go requires sshfs, non-access to fuse is a way to deny functionality.
As cups-x2go is part of both Fedora and EPEL, this is of special interest for Orion.
I will provide you with an CVE ID as soon as one has been assigned. It has been already requested.
Mihai