barrier/doc/newsfragments/enforce-maximum-message-len...

SECURITY ISSUE

Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).

Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion.
lib: Enforce a maximum length of input messages This commit is the 1/3 part of the fix for the following security vulnerability: - CVE-2021-42076 DoS via excess length messages The issue has been reported by Matthias Gerstner <mgerstner@suse.de>. (cherry picked from commit e33c81b835e14ca1534e3f375c17707f10a29152) 2021-11-01 03:18:51 +00:00			`SECURITY ISSUE`

			`Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).`

			`Previously it was possible for a malicious client or server to send excessive length messages`
			`leading to denial of service by resource exhaustion.`