Yes, this should be in the RFC, that is a good idea. Thanks.
On Fri, Dec 5, 2014 at 11:30 AM, Doron Somech <[email protected]> wrote: > I think it is important to document all security issues(wiki or part of the > rfc), mainly for other implementations of the protocol and to don't repeat > the issues in the future. > > On Fri, Dec 5, 2014 at 10:13 AM, Pieter Hintjens <[email protected]> wrote: >> >> Hi all, >> >> @MinRK reported and fixed a downgrade attack in the 4.0.5 stable >> release of libzmq, and the 4.1.0 RC1. See >> https://github.com/zeromq/libzmq/issues/1273. >> >> The fix is on libzmq master, and also on zeromq4-x and zeromq4-1 masters. >> >> When I get some confirmation that these two masters look OK, I'll make >> new packages with the releases. >> >> For 4.1 RC2, if anyone has specific fixes to libzmq master they still >> want to backport, please raise a hand, or make the usual pull >> requests. >> >> Thanks, >> -Pieter >> _______________________________________________ >> zeromq-dev mailing list >> [email protected] >> http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
