Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to Calamari 0.3.3 to Fix Timing Attack Vulnerability #103

Closed
romeara opened this issue Apr 19, 2019 · 0 comments
Closed

Update to Calamari 0.3.3 to Fix Timing Attack Vulnerability #103

romeara opened this issue Apr 19, 2019 · 0 comments
Assignees
@romeara
Labels
security Related to security issues
Milestone
0.3.1

Comments

@romeara
Copy link
Member

romeara commented Apr 19, 2019

Up through 0.3.2, Calamari had a vulnerability in the form of a timing attack in the algorithm that verified GitHub was the originator of webhook events. 0.3.3 fixes this issue - update to this version to patch the vulnerability
@romeara romeara added the security Related to security issues label Apr 19, 2019
@romeara romeara added this to the next-release milestone Apr 19, 2019
@romeara romeara self-assigned this Apr 19, 2019
romeara added a commit that referenced this issue Apr 19, 2019
@romeara
Merge pull request #105 from StarChart-Labs/security/romeara/103-upda…
09bdbff 
…te-calamari

Resolves GH-103: Updates Calamari to 0.3.3 to address vulnerability
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romeara romeara

Labels
security Related to security issues
Projects
None yet
Milestone
0.3.1
Development

No branches or pull requests
1 participant
@romeara