Author Topic: Stable build 5086 and major vulnerability fix  (Read 2338 times)

0 Members and 1 Guest are viewing this topic.

Offline Nemo

  • Global Moderator
  • Elite
  • *****
  • Posts: 1303
  • Karma: +27/-0
    • View Profile
Stable build 5086 and major vulnerability fix
« on: July 25, 2004, 03:52:28 PM »
Thanks to Hans-Dieter to mention the new stable build 5086 on the other message thread. :-)

From: Toad <toad@...>
 Subject: Stable build 5086 and major vulnerability fix
 Date: Sat, 24 Jul 2004 00:48:53 +0100
Stable build 5086 is now available. The snapshots have been updated.
Please upgrade ASAP (if you are running the stable branch, which most
Freenet users are). This build fixes a fairly major vulnerability to
passive traffic analysis whereby an attacker could determine (on
uncongested links) the types of messages being transferred, and perhaps
the MRI, and with help from a node from within the network, he could
perhaps trace a message chain's path across much of the network (with a
lot of luck), and perhaps find compromizing information. This is the
initial fix and it may be somewhat wasteful of bandwidth. We will
develop better fixes in the near future, but it is at least backwards
compatible: You should not need to reseed.
How to update:
On POSIX-like systems such as Linux and MacOS/X (or Darwin):
On Windows, you can use the update option on the start menu.
On any platform, you can stop the node, download over your
existing freenet.jar, and then start the node up again.

The next build, 5087, will probably contain a significant CPU usage
improvement by means of using native code to speed up some of the
heaviest crypto and routing operations. That code is not quite ready
yet; look for a release later on Saturday, or perhaps Monday.
Matthew J Toseland - toad@...
Freenet Project Official Codemonkey -
ICTHUS - Nothing is impossible. Our Boss says so.

Support mailing list
Unsubscribe at
Or mailto:support-request@...?subject=unsubscribe

This time I don't add a poll because stable build 5087 is on the way. Thanks to the Freenet development team! :-)

Matthew mentioned on the development mailing list a crypto related connection bug:
IMO we will see new stable builds in the next days. :-)