1.4.3

centrifugal · Apr 5, 2016 · 81972f1 · 81972f1
1 parent 340636b
commit 81972f1
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+v1.4.3
+======
+
+**Fix of security vulnerability introduced in v1.4.2**, see below.
+
+* If you are using Centrifugo v1.4.2 (previous versions not affected) with admin socket enabled (with `--admin` or `--web` options) and your admin endpoint not protected by firewall somehow then you must update to this version. Otherwise it's possible to connect to admin websocket endpoint and run any command without authentication. It's recommended to update your secret key after upgrade. So sorry for this.
+
+
 v1.4.2
 ======
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
 FROM centos:7
 
-ENV VERSION 1.4.2
+ENV VERSION 1.4.3
 
-ENV CENTRIFUGO_SHA256 dded40f45c7f8ceab43d193cd9f72bc2eaa4fcf50637cf2545298c99f2b3f37f
+ENV CENTRIFUGO_SHA256 b073c5ca86d8e35181291dfbfa40763d314b91601914b0035db95cbc6eba6b6e
 
 ENV DOWNLOAD https://github.com/centrifugal/centrifugo/releases/download/v$VERSION/centrifugo-$VERSION-linux-amd64.zip
 

diff --git a/version.go b/version.go
@@ -2,5 +2,5 @@ package main
 
 const (
 	// VERSION of Centrifugo server.
-	VERSION = "1.4.2"
+	VERSION = "1.4.3"
 )