You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Sergio Peña (JIRA)" <ji...@apache.org> on 2017/07/10 20:11:02 UTC
[jira] [Updated] (SENTRY-1446) Upgrade httpmime (Sentry) to 4.3.6
or greater.
[ https://issues.apache.org/jira/browse/SENTRY-1446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergio Peña updated SENTRY-1446:
--------------------------------
Fix Version/s: (was: 1.8.0)
2.0.0
Moving all unresolved jiras with fix version 1.8.0 to 2.0.0. Please change the fix version if you intend to make it into 1.8.0 release.
> Upgrade httpmime (Sentry) to 4.3.6 or greater.
> ----------------------------------------------
>
> Key: SENTRY-1446
> URL: https://issues.apache.org/jira/browse/SENTRY-1446
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Affects Versions: 1.8.0
> Reporter: Anne Yu
> Fix For: 2.0.0
>
>
> http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
> Upgrade to 4.3.6 or greater.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)