Running the same API call on versions lower than 4.2.0 yields correct results, since 4.2.0 the API call returns incorrect data. The API itself is compatible, but for example if an application or user consuming the API makes those calls it will get incorrect data. For example, you now may get a hundred entries for port 22 open to 0.0.0.0/0 in your response, when only one of them is owned by you.
On Tue, Dec 3, 2013 at 2:48 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote: > H Marcus, > > It breaks behavior of the API, you say. Is this in comparison to 4.2 > or to prior versions? > > thanks, > Daan > > On Tue, Dec 3, 2013 at 6:40 PM, Chip Childers <chipchild...@apache.org> wrote: >> On Tue, Dec 3, 2013 at 7:48 AM, sebgoa <run...@gmail.com> wrote: >>> >>> Can you be more specific ? what fixes required a re-vote ? >> >> There was a security vulnerability reported in the release of >> sufficient severity to cause the security team to request Abhi hold >> off on publishing the release and to re-spin.
