Hey all,
It's a few days past the scheduled release day, but we're here now and I'm happy enough with the last minute SPI changes that we're releasing now. The release is live on git (I hope) and FTP and ACD (along with the PGP sig file).
As I've been asking for, and receiving now more PRs with signed tags that include a summary of changes in them, I can point to: https://lists.denx.de/pipermail/u-boot/2018-October/342659.html https://lists.denx.de/pipermail/u-boot/2018-October/344567.html
for a brief summary of what's gone in. After -rc2 we've mainly gone with additional fixes in: - i.MX, Xilinx, EFI Loader, R-Mobile, x86, sunxi, and Marvell platforms - Added i.MX8 support. Yes, this should have come in sooner or waited, but, well, here it is now instead.
I'm going to mention here as well that both CVE-2018-18439 and CVE-2018-18440 exist and are issues. As a community we're still working on more robust fixes to them, but I want to thank Simon Goldschmidt for taking the lead on coming up with code changes for them. In the immediate term (and for older releases) note that the filesystem-based attack can be mitigated by passing a maximum size to the load command.
I also want to highlight here that we're going to change up the release cycle again. There's a few more words on it here: https://lists.denx.de/pipermail/u-boot/2018-November/347209.html But in short, we're still doing v2019.01 on a 2-month cycle and after that we'll do two 3-month cycle releases, v2019.04 and v2019.07 and see where things are at towards the end of v2019.07.
Thanks all!