Dear Gobby users,

libinfinity 0.6.6 has been released. This is a bugfix release in the
0.6.x series. It fixes a problem where a server's certificate would
silently be accepted even though it failed verification if no
certificate pinning is performed, i.e. the hostname matches and its CA
is trusted. A potential client-side crash is also fixed which occured
when a server is shut down while still being connected. It is
recommended that all users update to this new version of libinfinity.

 c65f9f13f17afb4db2ec8cfaf5f01ce5  libinfinity-0.6.6.tar.gz

Kind regards,
Armin Burgmeier,
0x539 dev group

libinfinity 0.6.6:
 * Fix certificates being only verified for expiration and other
criteria such as weak algorithms if the CA is not trusted. (gobby #61)
 * Fix some assertion failures and inconsistencies in
InfTextFixlineBuffer.
 * Fix a client-side crash when the server shuts down ordinarily while
still connected.

 [1] http://releases.0x539.de/libinfinity/libinfinity-0.6.6.tar.gz

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to