Hello,
Can this vulnerability be protected by a WAF such as Modseurity? From: Nick Couchman <[email protected]> Sent: Thursday, January 13, 2022 6:33 AM To: [email protected] Subject: Re: [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections On Wed, Jan 12, 2022 at 4:28 PM guacatoine <[email protected] <mailto:[email protected]> > wrote: Hello, Le 11/01/2022 à 22:21, Mike Jumper - [email protected] <mailto:[email protected]> a écrit : > Severity: moderate When running Apache Guacamole 1.3.0, is the only way of addressing CVE-2021-41767 to update to v1.4.0 or is there a security patch incoming for one (or more lower) version(s) of Guacamole? We do not plan to release patches for lower versions. Essentially, 1.4.0 is the patch. If you really need to maintain a lower version, you could try to back-port the patch(es) that specifically address the issue to that version, but that's a lot of manual work versus just upgrading to the latest version. -Nick
