- Timestamp:
- Jan 23, 2019, 12:44:51 PM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- 143bd98, ea9c699
- Parents:
- 8adfa57
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
CHANGELOG
r8adfa57 r510764a 1 ** Version 0.9.0 UNRELEASED1 ** Version 0.9.0 (2019-01-23) 2 2 - Security fix: Refuse to send or receive any data over a failed TLS 3 connection (commit 72b669eae8c45dda1850e8e5b30a97c918357b51). This 4 could lead to requests on reverse proxy TLS connections being sent 5 in plain text, and might allow faking requests in plain text. 3 connection (commit 72b669eae8c45dda1850e8e5b30a97c918357b51). The 4 previous behavior could lead to requests on reverse proxy TLS 5 connections being sent in plain text, and might have allowed faking 6 requests in plain text. 6 7 - Security fix: Reject HTTP requests if they try to access virtual 7 8 hosts that do not match their TLS connections (commit 8 9 de3fad3c12f53cdbf082ad675e4b10f521a02811). Additionally check if SNI 9 and Host header match. 10 and Host header match. Thanks to Krista Karppinen for contributing 11 tests! 10 12 - OCSP stapling is now enabled by default, if possible. OCSP responses 11 13 are updated regularly and stored in a cache separate from the
Note: See TracChangeset
for help on using the changeset viewer.