Freenet 0.7 build 1069 is now available. Please upgrade. This includes a fix to a weak keys issue in our Diffie-Hellman code (including STS and JFK), which apparently also affected Freenet 0.5 (we are not going to fix it in 0.5 as 0.5 is unmaintained, but if you want to send us a patch we will apply it), which allowed man-in-the-middle attacks to break our link encryption. Tor fixed a similar issue in 2005. Apologies for not fixing this earlier, I had thought it was a less serious vulnerability. 1069 also contains a few fixes to the new connection crypto setup code, fixes a rare NPE on startup, and another one caused when trying to insert a nonexistent directory via FCP.
Thanks for using Freenet, please report any bugs you find. This build will be mandatory on the 30th of October. Builds 1067 and 1068 contained fixes to the new crypto code in 1066, if you are curious. Sorry. Also, Freemail has been pluginised, and apparently works, although it has many issues. If you want to try it, load it by typing Freemail* (or Freemail# if you don't want it downloaded on every startup) into the load a plugin box. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/support/attachments/20071024/9dd6c356/attachment.pgp>
