You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Check of max payload could be bypassed if size overruns an int 32. Note that the client would first have to be authorized to connect. This fix is for CVE-2019-13126. Thanks to Aviv Sasson and Ariel Zelivansky from Twistlock for the security report (#1053)
Sending to client libraries an updated MaxPayload through INFO protocol when a bound account's MaxPayload is not the same as the server the client is connected to (#1059)
Subscriptions were not propagated correctly upon new leafnode joining the network. Thanks to @antmanler for the report and fix! (#1067)
Prevent multiple solicited leafnodes from forming cycles. Thanks to @ripienaar for the report (#1070)
Report possible error starting the monitoring port. Thanks to @andyxning for the contribution (#1064)
Allow use of insecure for remote leafnode and gateways again. Thanks to @ripienaar for the report (#1071, #1073)
Report authorization error and use TLS hostname for IPs on leafnodes (#1072)
Leafnode URLs may be missing in INFO protocol sent to Leafnodes connections (#1074)
Server now read pending data on closed connection to be able to report error (for instance in case of an authorization error sent by remote server) (#1075)