by mistaken 1733 days ago
What worries me is that 2 months have passed since the vulnerability was fixed and yet there is no new version released which contains the patch... So you're exposed unless you build ZT from source.
3 comments

The patch was on the roots and was applied within 6 hours of learning of the vulnerability. A new release wasn't needed since the issue was not in there.
If the problem is in the ZT root servers, then the clients do not need to be patched, I guess?
A new packaged version is now available.

zerotier-one (1.6.6) unstable; urgency=medium

  * Backport endpoint mitigation against address collision attack.

 -- Adam Ierymenko <adam.ierymenko@zerotier.com>  Tue, 21 Sep 2021 01:00:00 -0700