View previous topic :: View next topic |
Author |
Message |
Squat
Joined: 15 Jan 2008 Posts: 4 Location: Trondheim, Norway
|
Posted: Tue Jan 15, 2008 11:11 am Post subject: Security and version numbers of releases |
|
|
According to releases: Would be nice if the releases could be named more mainstreamed, like only numbers? Many package systems/managers doesn't support naming version with "rc" (fewer understand if 1.0rc13 is before or after 1.0).
As I see it, miniupnpd is stable enough to deserve a 1.0.1 or 1.1 (or something like that) version number? :-)
Also, I'm maintaining the FreeBSD port of miniupnpd, in that relation it would be nice to have an "announcement service" (like a mailing list?) where new releases were announced? As I don't check this website everyday, that could help me with keeping the FreeBSD-port more current.
This is my first post on this forum, so I would like to thank all the developers for making and updating miniupnpd! |
|
Back to top |
|
|
Squat
Joined: 15 Jan 2008 Posts: 4 Location: Trondheim, Norway
|
Posted: Tue Jan 15, 2008 11:13 am Post subject: |
|
|
Do you know if miniupnpd is vulnerable for the security issues mention at:
www.gnucitizen.org/projects/hacking-the-interwebs/
?
Sorry, this was intended to be in the first post: but was splitted because I wasn't allowed to post URLs in my first port. |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Wed Jan 16, 2008 9:03 am Post subject: Re: Security and version numbers of releases |
|
|
Squat wrote: | According to releases: Would be nice if the releases could be named more mainstreamed, like only numbers? Many package systems/managers doesn't support naming version with "rc" (fewer understand if 1.0rc13 is before or after 1.0).
As I see it, miniupnpd is stable enough to deserve a 1.0.1 or 1.1 (or something like that) version number?
|
I guess you are right, I should release the next version as 1.0
Squat wrote: | Also, I'm maintaining the FreeBSD port of miniupnpd, in that relation it would be nice to have an "announcement service" (like a mailing list?) where new releases were announced? As I don't check this website everyday, that could help me with keeping the FreeBSD-port more current. |
You can subscribe to http://freshmeat.net/projects/miniupnp/ _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Wed Jan 16, 2008 9:04 am Post subject: |
|
|
I have a timeout trying to reach this page.
Squat wrote: | Sorry, this was intended to be in the first post: but was splitted because I wasn't allowed to post URLs in my first port. |
It could be annoying for first time poster but it is pretty efficient against spambots ! _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
Squat
Joined: 15 Jan 2008 Posts: 4 Location: Trondheim, Norway
|
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Wed Jan 16, 2008 6:01 pm Post subject: |
|
|
I read the article. Indeed, miniupnpd could be vulnerable to such attack but the article does not explain how it is possible to get the URL to POST the SOAP request.
In the example given, this URL is hardcoded so the attack would have to be hardcoded with miniupnpd HTTP listening port and path. _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Wed Jan 16, 2008 6:28 pm Post subject: |
|
|
also forwarding to port 445 would normally be prohibited by a well written miniupnpd.conf _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
miniupnp Site Admin
Joined: 14 Apr 2007 Posts: 1589
|
Posted: Sun Jan 27, 2008 11:07 pm Post subject: |
|
|
MiniUPnPd version 1.0 was just released
it adds a "secure" mode in which clients can only redirect a port to their own ip.
next miniupnpd version will be 1.0.1 or 1.1 ... _________________ Main miniUPnP author.
https://miniupnp.tuxfamily.org/ |
|
Back to top |
|
|
|