cppcms-users

[Cppcms-users] CppCMS 1.2.1 Released - security update

[Artyom B. <art...@gm...>]

Released: 2018-05-18

It is strongly recommended to update the version to the latest one due
to security updates


Security Bug Fixes:

- Fixed security bug fix in JSON parser module that can lead to DOS

Bugs Fixed:

- Fixed issues #36 - building with GZIP disabled
- Fixed issue #150 - incorrect parsing of multipart form

Changes:

- By default CppCMS now uses OpenSSL instead of GNU-TLS if both
available (you can change behavior back by adding -DDISABLE_OPENSSL=ON
to cmake)

Re: [Cppcms-users] CppCMS 1.2.1 Released - security update

[Artyom B. <art...@gm...>]

I forgot to mention special thanks to Khaled Yakdan from
code-intelligence.de for reporting this security issue

Artyom Beilis

On Fri, May 18, 2018 at 4:35 PM, Artyom Beilis <art...@gm...> wrote:
> Released: 2018-05-18
>
> It is strongly recommended to update the version to the latest one due
> to security updates
>
>
> Security Bug Fixes:
>
> - Fixed security bug fix in JSON parser module that can lead to DOS
>
> Bugs Fixed:
>
> - Fixed issues #36 - building with GZIP disabled
> - Fixed issue #150 - incorrect parsing of multipart form
>
> Changes:
>
> - By default CppCMS now uses OpenSSL instead of GNU-TLS if both
> available (you can change behavior back by adding -DDISABLE_OPENSSL=ON
> to cmake)