Syncthing Community Forum

Regeneration of certificates required?

wweich January 24, 2016, 11:40am 2

You should be fine using the newest version. See:

Upcoming security release of Go General

The Go team has announced an upcoming security release of Go (1.5.3) for this Wednesday. We don’t know what it fixes, but it’s possible it affects Syncthing. If it does, we’ll release a new version built with 1.5.3 immediately. Those of you running the “official” releases with auto update will get it automatically. If you’re running Syncthing distributed by a third party you’ll need to check with them after confirming that an update is indeed necessary. We’ll announce here and on Twitter what h…

Security update - Syncthing v0.12.14 General

Continuing the discussion from Upcoming security release of Go: I’ve just pushed and built Syncthing v0.12.14. This build is built with Go 1.5.3, except for the Windows which is built using Go 1.6beta2. Go 1.5.3 / 1.6beta2 fixes the security issue described here, but the relevant part is: Specifically, incorrect results in one part of the RSA Chinese Remainder computation can cause the result to be incorrect in such a way that it leaks one of the primes. While RSA blinding should prevent an a…

1 Like

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled