Skip to content

build01477: 2017-03-09
Compare
Choose a tag to compare
@ArneBab ArneBab released this 09 Mar 01:52
· 2199 commits to next since this release
build01477
This tag was signed with the committer’s verified signature.
ArneBab Arne Babenhauserheide
GPG key ID: B41A6047FD6C57F9
Verified
Learn about vigilant mode.
d38a867 
Freenet 0.7.5 build 1477 is now available. [overview]

This is an emergency release:

- fix clickjacking vulnerability, thanks to Kevin for alerting us!
- patch url injection bug introduced in 1476
- fix SSL which broke with Java7 due to a missing cypher

Thank you for using Freenet!

- Arne Babenhauserheide

Developer changelog:

2017-03-09

Changes in 1477:

- fix clickjacking vulnerability
- patch open redirect and header injection vulnerability introduced in 1476
- fix SSL which broke with Java7 due to missing cypher

- Arne Babenhauserheide

---
Arne Babenhauserheide (freenet releases) (2):
      Update default bookmark editions
      Build 1477

Florent Daigniere (1):
      Fix a potential click-jacking vulnerability

drak@kaverne (4):
      Re-enable TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      fix header injection and open redirection vulnerability introduced in 1476
      update NEWS.md
      fix patch over redirection bug to not break the feature
Assets 10
Loading