Merge pull request #1371 from p12tic/doc-release-notes

doc: Add missed details to v2.3.4 and v2.4.0 release notes
This commit is contained in:
Povilas Kanapickas 2021-11-03 03:04:38 +02:00 committed by GitHub
commit e010f89f41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions

View File

@ -25,6 +25,9 @@ Security fixes
again. Client and server will show both SHA1 and SHA256 server fingerprints to allow again. Client and server will show both SHA1 and SHA256 server fingerprints to allow
interoperability with older versions of Barrier. interoperability with older versions of Barrier.
All of the above security issues have been reported by Matthias Gerstner who was really helpful
resolving them.
Bug fixes Bug fixes
--------- ---------
@ -81,7 +84,8 @@ Security fixes
Previously it was possible for a malicious client or server to send excessive length messages Previously it was possible for a malicious client or server to send excessive length messages
leading to denial of service by resource exhaustion. leading to denial of service by resource exhaustion.
- Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending Hello message. - Fixed a bug which caused Barrier to crash when disconnecting a TCP session just after sending
Hello message (fixes CVE-2021-42074).
This bug allowed an unauthenticated attacker to crash Barrier with only network access. This bug allowed an unauthenticated attacker to crash Barrier with only network access.
All of the above security issues have been reported by Matthias Gerstner who was really helpful All of the above security issues have been reported by Matthias Gerstner who was really helpful