diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -1,4 +1,15 @@ --------------------------------------------------------------------------- +Version 3.21.9 [BETA] (rgerhards), 2008-12-04 +- re-release of 3.21.8 with an additional fix, that could also lead + to DoS; 3.21.8 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behaviour is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- Version 3.21.8 [BETA] (rgerhards), 2008-12-04 - bugfix: imklog did not compile on FreeBSD - security bugfix: $AllowedSender was not honored, all senders were @@ -124,7 +135,18 @@ Version 3.21.0 [DEVEL] (rgerhards), 2008-07-18 - imported all changes from 3.18.1 until today (some quite important, see below) --------------------------------------------------------------------------- -Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04 +Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04 +- re-release of 3.20.1 with an additional fix, that could also lead + to DoS; 3.20.1 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behaviour is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- +Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04 - security bugfix: $AllowedSender was not honored, all senders were permitted instead - enhance: regex nomatch option "ZERO" has been added |