I think it is important to document all security issues(wiki or part of the rfc), mainly for other implementations of the protocol and to don't repeat the issues in the future.
On Fri, Dec 5, 2014 at 10:13 AM, Pieter Hintjens <[email protected]> wrote: > Hi all, > > @MinRK reported and fixed a downgrade attack in the 4.0.5 stable > release of libzmq, and the 4.1.0 RC1. See > https://github.com/zeromq/libzmq/issues/1273. > > The fix is on libzmq master, and also on zeromq4-x and zeromq4-1 masters. > > When I get some confirmation that these two masters look OK, I'll make > new packages with the releases. > > For 4.1 RC2, if anyone has specific fixes to libzmq master they still > want to backport, please raise a hand, or make the usual pull > requests. > > Thanks, > -Pieter > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
