Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Oct 2014 17:26:55 +0000
From:      bugzilla-noreply@freebsd.org
To:        ruby@FreeBSD.org
Subject:   [Bug 194491] New: www/rubygem-httpclient: Bump to version 2.5.1
Message-ID:  <bug-194491-21402@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194491

            Bug ID: 194491
           Summary: www/rubygem-httpclient: Bump to version 2.5.1
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ruby@FreeBSD.org
          Reporter: robmessick@gmail.com
          Assignee: ruby@FreeBSD.org
             Flags: maintainer-feedback?(ruby@FreeBSD.org)

There are some changes to defaults in httpclient 2.5.0+ to mitigate
susceptibility to some recent(ish) SSL atack vectors.

See: https://github.com/nahi/httpclient/blob/master/CHANGELOG.md

Relevant changes in 2.5.0:
"""
    Disabled SSLv3 in favor of POODLE Attack prevention.
    Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
    No TLS compression in favor of CRIME Attack prevention.
"""

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer ruby@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-194491-21402>