GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-27 15:27:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

NEWS: updated

Browse Source 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This commit is contained in:
Nikos Mavrogiannopoulos
2026-02-28 11:45:51 +01:00
parent 789252b3f0
commit 7477c32ba5
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
NEWS
View File

@@ -1,4 +1,11 @@
* Version 1.4.1 (unreleased) * Version 1.4.1 (released 2026-02-28)
- [SECURITY] Fixed authentication bypass (medium severity) when using
certificate authentication with cert-user-oid set to SAN(rfc822name):
a client presenting a valid CA-signed certificate without the expected
RFC822 SAN field could authenticate using password credentials alone,
bypassing the intended certificate-to-username binding. Requires the
attacker to possess both a valid CA-signed certificate and valid user
credentials (#694)
- The bundled inih was updated to r62. - The bundled inih was updated to r62.
- The bundled protobuf-c was updated to 1.5.2. - The bundled protobuf-c was updated to 1.5.2.
- Fixed a bug where session timeout could be bypassed by reconnecting - Fixed a bug where session timeout could be bypassed by reconnecting