Date: Tue, 23 Jun 2015 02:17:16 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201065] sysutils/logstash-forwarder: [security] Request update to 0.4.0 to resolve SSLv3 security concerns Message-ID: <bug-201065-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201065 Bug ID: 201065 Summary: sysutils/logstash-forwarder: [security] Request update to 0.4.0 to resolve SSLv3 security concerns Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: jason.unovitch@gmail.com CC: cheffo@freebsd-bg.org CC: cheffo@freebsd-bg.org Flags: maintainer-feedback?(cheffo@freebsd-bg.org) Based off discussion on logstash security updates in bug 201001, one of the issues researched revealed this security issue from the logstash-forwarder change log. = Security: - Requires server support TLS 1.0 or higher (#402). This resolves a number of security concerns, including POODLE. The POODLE concern was reported and validated by Tray Torrance, Marc Chadwick, and David Arena. Additionally, the PCI SSC announced that SSLv3 was not acceptable anymore. https://github.com/elastic/logstash-forwarder/blob/master/CHANGELOG -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201065-13>