[freenet-support] Freenet 0.7 build 1069 with some security fixes
Matthew Toseland
toad at amphibian.dyndns.org
Wed Oct 24 17:06:31 UTC 2007
Freenet 0.7 build 1069 is now available. Please upgrade. This includes a fix
to a weak keys issue in our Diffie-Hellman code (including STS and JFK),
which apparently also affected Freenet 0.5 (we are not going to fix it in 0.5
as 0.5 is unmaintained, but if you want to send us a patch we will apply it),
which allowed man-in-the-middle attacks to break our link encryption. Tor
fixed a similar issue in 2005. Apologies for not fixing this earlier, I had
thought it was a less serious vulnerability. 1069 also contains a few fixes
to the new connection crypto setup code, fixes a rare NPE on startup, and
another one caused when trying to insert a nonexistent directory via FCP.
Thanks for using Freenet, please report any bugs you find. This build will be
mandatory on the 30th of October. Builds 1067 and 1068 contained fixes to the
new crypto code in 1066, if you are curious. Sorry.
Also, Freemail has been pluginised, and apparently works, although it has many
issues. If you want to try it, load it by typing Freemail* (or Freemail# if
you don't want it downloaded on every startup) into the load a plugin box.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/support/attachments/20071024/9dd6c356/attachment.pgp
More information about the Support
mailing list