Releases: concourse/concourse-bosh-release

v4.2.4

03 May 12:55

Security, Fix
By default, Go allows some weak algorithms that can potentially lead to security vulnerabilities. The Concourse web instance VM is affected by a vulnerability [https://www.tenable.com/plugins/nessus/71049] on port 2222, which is used for Worker communication. This vulnerability has been fixed by restricting SSH MAC algorithms to a smaller, stricter set.

Proposal
SSH MAC algorithms have been restricted to a smaller set to fix a vulnerability in the Concourse web instance VM. By default, Go allows some weak algorithms that can potentially lead to security vulnerabilities on port 2222, which is used for Worker communication.

For more information, see SSH Weak MAC Algorithms Enabled in the Tenable documentation.
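
To confirm the restriction took effect, an operator can check the MAC list the server advertises in its SSH_MSG_KEXINIT on port 2222. The Go code below is an added example, not code from the Concourse release: it parses a constructed KEXINIT payload (RFC 4253 section 7.1) and flags weak MACs. The function names, the sample payload, and the "weak" criterion (MD5-based or 96-bit truncated MACs) are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

// ServerMACs returns the sixth KEXINIT name-list: MACs, server to client (RFC 4253 7.1).
func ServerMACs(payload []byte) ([]string, error) {
	if len(payload) < 17 || payload[0] != 20 { // 20 = SSH_MSG_KEXINIT
		return nil, fmt.Errorf("not a KEXINIT payload")
	}
	rest := payload[17:] // skip message type and 16-byte cookie
	for i := 0; ; i++ {
		if len(rest) < 4 || uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
			return nil, fmt.Errorf("truncated name-list %d", i)
		}
		n := binary.BigEndian.Uint32(rest)
		if i == 5 {
			return strings.Split(string(rest[4:4+n]), ","), nil
		}
		rest = rest[4+n:]
	}
}

// WeakMACs flags MD5-based and 96-bit truncated MACs (assumed criterion).
func WeakMACs(names []string) (weak []string) {
	for _, name := range names {
		base := strings.TrimSuffix(name, "-etm@openssh.com")
		if strings.Contains(base, "md5") || strings.HasSuffix(base, "-96") {
			weak = append(weak, name)
		}
	}
	return weak
}

// sampleKexInit builds a constructed KEXINIT payload offering macs both ways.
func sampleKexInit(macs string) []byte {
	p := append([]byte{20}, make([]byte, 16)...) // type + zeroed cookie
	for _, l := range []string{"curve25519-sha256", "ssh-ed25519", "aes128-ctr", "aes128-ctr", macs, macs, "none", "none", "", ""} {
		p = append(binary.BigEndian.AppendUint32(p, uint32(len(l))), l...)
	}
	return append(p, 0, 0, 0, 0, 0) // first_kex_packet_follows + reserved
}

func main() {
	macs, err := ServerMACs(sampleKexInit("hmac-sha2-256-etm@openssh.com,hmac-md5,hmac-sha1-96"))
	fmt.Println(WeakMACs(macs), err)
}
```

An empty result from `WeakMACs` on the server's real KEXINIT payload indicates that no MD5-based or 96-bit MAC is still being offered.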

Compatibility Matrix

| Concourse Version | RunC | PostgreSQL | Tested Stemcell | Supported Stemcell | Tested Credhub |
|---|---|---|---|---|---|
| v4.2.4 | 1.8.2 | 9.5+ External | Xenial 250.38 | 250.x | 1.9.5 |

v5.1.0

03 May 12:56