Thank you for your reply. We will consider upgrading the version.
Thank you, Tadashi > -----Original Message----- > From: Mike Jumper <mjum...@apache.org> > Sent: Thursday, January 13, 2022 10:19 AM > To: user@guacamole.apache.org > Subject: Re: [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel > identifier may be included in the non-private details of active connections > > On Wed, Jan 12, 2022 at 4:52 PM <rst_pi_sisk10...@krf.biglobe.ne.jp> wrote: > > > > Hello, > > > > Can this vulnerability be protected by a WAF such as Modseurity? > > > > I would not recommend relying solely on a WAF to defend against a known issue > in > any application. With the issue in question being patched in the latest > release (1.4.0), > your best option is to upgrade to 1.4.0 and thus deploy the relevant patch. > > - Mike > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org