www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject [CVE-2019-0231] MINA SSLFilter security Issue
Date Sun, 14 Apr 2019 06:30:01 GMT
Description: Handling of the close_notify SSL/TLS message does not
lead to a connection closure, leading the server to retain the socket
opened and to have the client potentially receive clear-text messages
which were supposed to be encrypted.

This security issue is fixed by Apache MINA 2.0.21 or Apache MINA
2.0.21. Please migrate to those new versions.

-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message