Releases · concourse/concourse-bosh-release

Security, Fix
By default, Go allows for some weak algorithms that can potentially lead to security vulnerabilities. The Concourse web instance VM is affected by a vulnerability [https://www.tenable.com/plugins/nessus/71049] on port 2222 that is used for Worker communication. This vulnerability has been fixed by restricting SSH MAC algorithms to a smaller stricter set.

Proposal
SSH MAC algorithms have been restricted to a smaller set to fix a vulnerability with the Concourse web instance VM. By default, Golang allows for some weak algorithms that can potentially lead to security vulnerabilities on port 2222 that is used for Worker communication.

For more information, see SSH Weak MAC Algorithms Enabled in the Tenable documentation.

Compatibility Matrix

Concourse Version	RunC	PostgreSQL	Tested Stemcell	Supported Stemcell	Tested Credhub
v4.2.4	1.8.2	9.5+ External	Xenial 250.38	250.x	1.9.5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!

Releases: concourse/concourse-bosh-release

v4.2.4

Uh oh!

v5.1.0

Uh oh!