You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Sergio Peña (JIRA)" <ji...@apache.org> on 2017/07/10 20:11:02 UTC

[jira] [Updated] (SENTRY-1446) Upgrade httpmime (Sentry) to 4.3.6 or greater.

     [ https://issues.apache.org/jira/browse/SENTRY-1446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergio Peña updated SENTRY-1446:
--------------------------------
    Fix Version/s:     (was: 1.8.0)
                   2.0.0

Moving all unresolved jiras with fix version 1.8.0 to 2.0.0. Please change the fix version if you intend to make it into 1.8.0 release.

> Upgrade httpmime (Sentry) to 4.3.6 or greater.
> ----------------------------------------------
>
>                 Key: SENTRY-1446
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1446
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Sentry
>    Affects Versions: 1.8.0
>            Reporter: Anne Yu
>             Fix For: 2.0.0
>
>
> http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
> Upgrade to 4.3.6 or greater.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)