Skip to content

v1.4.3

Compare
Choose a tag to compare
@FZambia FZambia released this 05 Apr 16:52
· 1015 commits to master since this release

Fix of security vulnerability introduced in v1.4.2, see below.

  • If you are using Centrifugo v1.4.2 (previous versions not affected) with admin socket enabled (with --admin or --web options) and your admin endpoint not protected by firewall somehow then you must update to this version. Otherwise it's possible to connect to admin websocket endpoint and run any command without authentication. It's recommended to update your secret key after upgrade. So sorry for this.