rabbitmq-server/rabbitmq-server-3.4.3.tar.gz at c567adc2620547947277adea27ead82ff058004f423055a752552a725245e993 - rabbitmq-server - openSUSE Gitea

pool/rabbitmq-server

SHA256

Dirk Mueller 4680a69d2b - update to 3.4.3:

* prevent XSS attack in table key names (since 2.4.0)
     (CVE-2015-0862)
   * prevent XSS attack in policy names (since 3.4.0)
      (CVE-2015-0862)
   * prevent XSS attack in client details in the connections list
      (CVE-2015-0862)
   * prevent XSS attack in user names in the vhosts list or the vhost names
      in the user list (since 2.4.0)
      (CVE-2015-0862)
   * prevent XSS attack in the cluster name (since 3.3.0)
      (CVE-2015-0862)
   * prevent /api/* from returning text/html error messages which could
      act as an XSS vector (since 2.1.0)
   * fix response-splitting vulnerability in /api/downloads (since 2.1.0)
   * do not trust X-Forwarded-For header when enforcing 'loopback_users' 
     (CVE-2014-9494)
   * disable SSLv3 by default to prevent the POODLE attack
   * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt
   * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt

OBS-URL: https://build.opensuse.org/package/show/network:messaging:amqp/rabbitmq-server?expand=0&rev=53

2015-01-21 16:18:31 +00:00

4 lines

132 B

Plaintext

Raw Blame History

	`version https://git-lfs.github.com/spec/v1`
	`oid sha256:a6cb2d68f99054c87cc7daa2d3857f85a2adfc582f6ab8538f2605031751b5d5`
	`size 3656510`