From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 4C4EDAD76F3 for ; Wed, 22 Jan 2025 00:06:32 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=irif.fr header.i=@irif.fr header.a=rsa-sha256 header.s=dkim-irif header.b=KBC3Mkbx Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 50LN6VSp010669 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 22 Jan 2025 00:06:31 +0100 Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 50LN6V31004775 for ; Wed, 22 Jan 2025 00:06:31 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id D1C504F91C for ; Wed, 22 Jan 2025 00:06:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:subject :subject:from:from:message-id:date:date:received:received; s= dkim-irif; t=1737500790; x=1738364791; bh=O69xejpW3XfI/+l7UFDwUO ZRMblwNXSsKLbNpWwtyOM=; b=KBC3Mkbx9X8yjNICL2rEX5I8OCy+wnGIkNX1CJ nncb9bZJOYXIAzLKeOaYYXz5r6fpwCcGNnbgnWskASbvvvzs4s9H6sk4kpHcKi/K /cUyk9aYVhOaDqTpZuUl+5eC0+UnYn/EMZuf2Kj12OLvegsL1nVgd77FhjA13jsT rOKl/YSbTixGVASy0XPNLLuoN4L+qxSwwzQiP1/K5yhOQlSM5QERsm8ax1L2zVdD 7baxZ2PpSQdIn8YxAy22OM26aIozT1TP8IPbfMHnRaQIhJbui0A4TQNLi6iCAW6O VkNQ3pp2pGE+Bcr6gFKGJ7xL4jVltUEDYADBgcVlgorj3j3g== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 71lXmW1HTdQz for ; Wed, 22 Jan 2025 00:06:30 +0100 (CET) Received: from pirx.irif.fr (89-64-69-77.dynamic.chello.pl [89.64.69.77]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 853214F822 for ; Wed, 22 Jan 2025 00:06:30 +0100 (CET) Date: Wed, 22 Jan 2025 00:06:28 +0100 Message-ID: <877c6n4vij.wl-jch@irif.fr> From: Juliusz Chroboczek To: galene@lists.galene.org User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.4 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Wed, 22 Jan 2025 00:06:31 +0100 (CET) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Wed, 22 Jan 2025 00:06:31 +0100 (CET) X-Miltered: at korolev with ID 67902877.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-Miltered: at potemkin with ID 67902877.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 67902877.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/ X-j-chkmail-Enveloppe: 67902877.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 67902877.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Score: MSGID : 67902877.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham X-j-chkmail-Status: Ham Message-ID-Hash: GAH2TNSXVL7NSWXQ6BETSSMOCWCU5J5W X-Message-ID-Hash: GAH2TNSXVL7NSWXQ6BETSSMOCWCU5J5W X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list Subject: [Galene] ANNOUNCE: galene-0.96.2 List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Dear all, Galene 0.96.1 is available by doing git clone -b galene-0.96.1 https://github.com/jech/galene The main reason for this release is that it fixes a security issue, introduced in 0.96.1, that could cause us to erroneously grant access with an incorrect password. A mitigating factor is that only plaintext passwords are affected. If you've already upgraded to 0.96.1, please upgrade to 0.96.2 as soon as possible. This release also includes support for background blur under Safari, and some other security-related changes. -- Juliusz 21 January 2025: Galene 0.96.2 * Fix a bug, introduced in 0.96.1, that could cause plaintext passwords to be erroneously accepted even when incorrect. * Implement background blur on Safari. * Change the default hashing algorithm to bcrypt. We use a cost of 8 in order to keep hashing times under 25ms, even though 10 is currently the recommended minimum. * Limit the number of concurrent password hashing operations to the number of CPUs. This avoids using excessive memory when many users log in at the same time.