1.4.3

FZambia · FZambia · commit 81972f1e3ac3 · 2016-04-05T19:57:19.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+v1.4.3
+======
+
+**Fix of security vulnerability introduced in v1.4.2**, see below.
+
+* If you are using Centrifugo v1.4.2 (previous versions not affected) with admin socket enabled (with `--admin` or `--web` options) and your admin endpoint not protected by firewall somehow then you must update to this version. Otherwise it's possible to connect to admin websocket endpoint and run any command without authentication. It's recommended to update your secret key after upgrade. So sorry for this.
+
+
 v1.4.2
 ======
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
 FROM centos:7
 
-ENV VERSION 1.4.2
+ENV VERSION 1.4.3
 
-ENV CENTRIFUGO_SHA256 dded40f45c7f8ceab43d193cd9f72bc2eaa4fcf50637cf2545298c99f2b3f37f
+ENV CENTRIFUGO_SHA256 b073c5ca86d8e35181291dfbfa40763d314b91601914b0035db95cbc6eba6b6e
 
 ENV DOWNLOAD https://github.com/centrifugal/centrifugo/releases/download/v$VERSION/centrifugo-$VERSION-linux-amd64.zip
 
diff --git a/version.go b/version.go
@@ -2,5 +2,5 @@ package main
 
 const (
 	// VERSION of Centrifugo server.
-	VERSION = "1.4.2"
+	VERSION = "1.4.3"
 )

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,5 @@ package main`
`2`	`2`
`3`	`3`	`const (`
`4`	`4`	`// VERSION of Centrifugo server.`
`5`		`- VERSION = "1.4.2"`
	`5`	`+ VERSION = "1.4.3"`
`6`	`6`	`)`