mistaken | 4 years ago

What worries me is that 2 months have passed since the vulnerability was fixed and yet there is no new version released which contains the patch... So you're exposed unless you build ZT from source.

api|4 years ago

The patch was on the roots and was applied within 6 hours of learning of the vulnerability. A new release wasn't needed since the issue was not in there.

m4lvin|4 years ago

If the problem is in the ZT root servers, then the clients do not need to be patched, I guess?

mistaken|4 years ago

A new packaged version is now available.

zerotier-one (1.6.6) unstable; urgency=medium

  * Backport endpoint mitigation against address collision attack.

 -- Adam Ierymenko <adam.ierymenko@zerotier.com>  Tue, 21 Sep 2021 01:00:00 -0700