libcloud-notifications mailing list archives

From to...@apache.org
Subject svn commit: r1104586 - /incubator/libcloud/site/trunk/content/libcloud/security.mdtext
Date Tue, 17 May 2011 21:57:50 GMT
Author: tomaz
Date: Tue May 17 21:57:50 2011
New Revision: 1104586

URL: http://svn.apache.org/viewvc?rev=1104586&view=rev
Log:
Add security page.

Added:
    incubator/libcloud/site/trunk/content/libcloud/security.mdtext

Added: incubator/libcloud/site/trunk/content/libcloud/security.mdtext
URL: http://svn.apache.org/viewvc/incubator/libcloud/site/trunk/content/libcloud/security.mdtext?rev=1104586&view=auto
==============================================================================
--- incubator/libcloud/site/trunk/content/libcloud/security.mdtext (added)
+++ incubator/libcloud/site/trunk/content/libcloud/security.mdtext Tue May 17 21:57:50 2011
@@ -0,0 +1,28 @@
+title: Security updates and reports
+
+## Libcloud Vulnerabilities ##
+
+**SSL MITM vulnerability**
+
+**Description**:
+
+Python SSL library doesn't validate a host SSL certificate and as a
+consequence, versions prior to **0.4.2** are vulnerable to a man-in-the-middle
+attack.
+
+**Affected versions**: All the versions prior to **0.4.2**
+
+**Fix version**:
+
+This vulnerability has been fixed in the version
+**[0.4.2](/libcloud/downloads.html)**. You are strongly encouraged
+to upgrade to this version and set `libcloud.security.VERIFY_SSL_CERT` variable
+to `True`.
+
+## Reporting a vulnerability ##
+
+If you find a security vulnerability you are strongly encouraged to report it to
+our private mailing list: [security@apache.org](mailto:security@apache.org)
+
+PGP keys of the libcloud developers can be found at
+[https://www.apache.org/dist/incubator/libcloud/KEYS](https://www.apache.org/dist/incubator/libcloud/KEYS)
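Review bot: The "Fix version" paragraph tells readers to upgrade to 0.4.2 and also to set `libcloud.security.VERIFY_SSL_CERT` to `True`, which implies that upgrading alone leaves certificate verification off, but the page never says so. State the default value explicitly and say that a 0.4.2 install without this setting still does not validate the host certificate. Otherwise "Affected versions: All the versions prior to 0.4.2" reads as if upgrading is sufficient. It would also help to show where the variable is set (an import of `libcloud.security` followed by the assignment, before any driver is created). In the Description, "Python SSL library doesn't validate a host SSL certificate" should say under which conditions, since the fix is described as a setting in libcloud rather than a change to Python. Minor: the advisory has no publication date or identifier, and "SSL MITM vulnerability" is bold text rather than a subheading under "## Libcloud Vulnerabilities ##", which will make later entries hard to link to individually.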


