[Bug 201065] sysutils/logstash-forwarder: [security] Request update to 0.4.0 to resolve SSLv3 security concerns
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jun 23 02:17:17 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201065
Bug ID: 201065
Summary: sysutils/logstash-forwarder: [security] Request update
to 0.4.0 to resolve SSLv3 security concerns
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: jason.unovitch at gmail.com
CC: cheffo at freebsd-bg.org
CC: cheffo at freebsd-bg.org
Flags: maintainer-feedback?(cheffo at freebsd-bg.org)
Based off discussion on logstash security updates in bug 201001, one of the
issues researched revealed this security issue from the logstash-forwarder
change log.
= Security:
- Requires server support TLS 1.0 or higher (#402). This resolves a number of
security concerns, including POODLE. The POODLE concern was reported
and validated by Tray Torrance, Marc Chadwick, and David Arena. Additionally,
the PCI SSC announced that SSLv3 was not acceptable anymore.
https://github.com/elastic/logstash-forwarder/blob/master/CHANGELOG
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list