0.10.2 ‘Skuffet, men ikke overrasket’

@partim partim released this 09 Nov 15:32 · a215402

Bug Fixes

  • The rrdp-timeout configuration setting now correctly limits the maximum length an RRDP request can take. This prevents a possible issue where an RRDP repository maliciously or erroneously delays a request and subsequently a validation run. (#666, CVE-2021-43173)

New

  • The new configuration setting max-ca-depth limits the length of a chain of CAs from a trust anchor. By default it is set to 32. This fixes a possible vulnerability where a CA creates an infinite chain of CAs. (#665, CVE-2021-43172)
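
The depth limit above, as an added illustration that is not Routinator's own code: a validator walk in which the repository is modelled as a function returning each CA's child CAs, run against a constructed repository that issues a fresh child CA for every CA visited. The function `walk_cas`, the two repository models and the CA names are assumptions of the example; only the default of 32 comes from the release note.

```python
"""Depth-bounded walk over a chain of CAs, modelling max-ca-depth.

Added illustration, not Routinator's code. A repository that mints a new
child CA for every CA the validator looks at would keep an unbounded walk
busy forever; bounding the depth turns that into a finite run.
"""
from typing import Callable, Iterable, List, Tuple

ChildrenFn = Callable[[str], Iterable[str]]
DEFAULT_MAX_CA_DEPTH = 32  # default of the max-ca-depth setting


def walk_cas(trust_anchor: str, children_of: ChildrenFn,
             max_ca_depth: int = DEFAULT_MAX_CA_DEPTH
             ) -> Tuple[List[str], List[str]]:
    """Return (CAs processed, CAs skipped for exceeding max_ca_depth).

    The trust anchor is at depth 0, its child CAs at depth 1, and so on;
    a CA deeper than max_ca_depth is recorded as truncated, not processed.
    """
    processed: List[str] = []
    truncated: List[str] = []
    # Explicit stack rather than recursion: the chain length is chosen by
    # the remote repository and must not drive the validator's call stack.
    stack: List[Tuple[str, int]] = [(trust_anchor, 0)]
    while stack:
        ca, depth = stack.pop()
        if depth > max_ca_depth:
            truncated.append(ca)
            continue
        processed.append(ca)
        for child in children_of(ca):
            stack.append((child, depth + 1))
    return processed, truncated


def endless_repository(ca: str) -> List[str]:
    """Constructed hostile repository: every CA issues exactly one child CA."""
    name, _, n = ca.rpartition("-")
    return [f"{name}-{int(n) + 1}"]


def honest_repository(ca: str) -> List[str]:
    """Constructed well-formed repository: a small finite tree of CAs."""
    tree = {"ta-0": ["rir-a", "rir-b"], "rir-a": ["lir-a1"]}
    return tree.get(ca, [])


if __name__ == "__main__":
    seen, cut = walk_cas("ta-0", endless_repository)
    print(f"endless chain: processed {len(seen)} CAs, truncated at {cut}")
    seen, cut = walk_cas("ta-0", honest_repository)
    print(f"honest tree: processed {seen}, truncated {cut}")
```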

Other Changes

  • Support for the gzip transfer encoding for RRDP has been removed because gzip in combination with XML provides multiple ways to delay validation. The configuration setting rrdp-disable-gzip is now deprecated and will be removed in the next breaking release. (#667, CVE-2021-43174)