Release notes for v2.3.4
parent e7bdcb5249
commit 56177d461a
|
@ -1,6 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
|
|
||||||
|
|
||||||
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
|
|
||||||
to receive new connections from clients.
|
|
|
@ -1,6 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
|
|
||||||
|
|
||||||
Previously it was possible for a malicious client or server to send excessive length messages
|
|
||||||
leading to denial of service by resource exhaustion.
|
|
|
@ -1,4 +0,0 @@
|
||||||
SECURITY ISSUE
|
|
||||||
|
|
||||||
Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
|
|
||||||
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
|
|
|
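Review bot: This fragment is marked SECURITY ISSUE but, unlike the two fragments before it, names no CVE identifier. If one was assigned for the crash, add it in the same "(fixes CVE-...)" form so it carries into the generated notes; if none was assigned, leave it as is. The phrase "just after sending Hello message" also does not say which side sends the Hello or which side disconnects, and adding an article and the subject would make the affected role clear to readers deciding how exposed they are.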
@ -1,2 +0,0 @@
|
||||||
Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
|
|
||||||
under heavy load.
|
|
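Review bot: "caused invalid data occasionally being sent to clients" is ungrammatical and will be copied verbatim into the changelog; suggest "caused invalid data to occasionally be sent to clients under heavy load". The entry also does not say what the invalid data was. Since this fragment carries no SECURITY ISSUE marker, a few words stating that the effect was a corrupted stream (if that is the case) would let readers confirm it belongs under bug fixes.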
|
@ -2,3 +2,31 @@ Release notes
|
||||||
=============
|
=============
|
||||||
|
|
||||||
[comment]: <> (towncrier release notes start)
|
[comment]: <> (towncrier release notes start)
|
||||||
|
|
||||||
|
Barrier `2.3.4` ( `2021-11-01` )
|
||||||
|
================================
|
||||||
|
|
||||||
|
Security fixes
|
||||||
|
--------------
|
||||||
|
|
||||||
|
- Barrier will now correctly close connections when the app-level handshake fails (fixes CVE-2021-42075).
|
||||||
|
|
||||||
|
Previously repeated failing connections would leak file descriptors leading to Barrier being unable
|
||||||
|
to receive new connections from clients.
|
||||||
|
|
||||||
|
- Barrier will now enforce a maximum length of input messages (fixes CVE-2021-42076).
|
||||||
|
|
||||||
|
Previously it was possible for a malicious client or server to send excessive length messages
|
||||||
|
leading to denial of service by resource exhaustion.
|
||||||
|
|
||||||
|
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message.
|
||||||
|
This bug allowed an unauthenticated attacker to crash Barrier with only network access.
|
||||||
|
|
||||||
|
All of the above security issues have been reported by Matthias Gerstner who was really helpful
|
||||||
|
resolving them.
|
||||||
|
|
||||||
|
Bug fixes
|
||||||
|
---------
|
||||||
|
|
||||||
|
- Fixed a bug in SSL implementation that caused invalid data occasionally being sent to clients
|
||||||
|
under heavy load.
|
||||||
|
|
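Review bot: The credit line under "Security fixes" reads awkwardly: "have been reported by Matthias Gerstner who was really helpful resolving them" would be cleaner as "were reported by Matthias Gerstner, who was very helpful in resolving them". The section also lists three fixes reachable over the network without saying which earlier releases are affected. A single sentence naming the affected versions, or stating that all earlier releases are affected, would tell users whether they need to upgrade.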