- |
- CVE-2021-32917 can be mitigated by configuring 'proxy65_acl' to a list of XMPP domains that should be allowed to use the file transfer proxy. |
+ |
- CVE-2021-32917 can be mitigated by configuring 'proxy65_acl' to a |
+ |
list of XMPP domains that should be allowed to use the file transfer |
+ |
proxy. |
|
|
- |
- CVE-2021-32918 can be partly mitigated using stricter settings for stanza size limits, rate limits and garbage collection parameters, see the referenced upstream advisory for more details. |
+ |
- CVE-2021-32918 can be partly mitigated using stricter settings for |
+ |
stanza size limits, rate limits and garbage collection parameters, see |
+ |
the referenced upstream advisory for more details. |
|
|
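Review bot: The reflowed CVE-2021-32918 sentence still joins two clauses with a comma ("... garbage collection parameters, see the referenced upstream advisory ..."). Since the paragraph is being rewrapped anyway, split it into two sentences. The text also names no concrete settings, so a reader has to leave the page to act on it. If the advisory format allows, name the relevant options here.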
- |
- CVE-2021-32919 can be mitigated by removing or disabling the ‘dialback_without_dialback’ option. |
+ |
- CVE-2021-32919 can be mitigated by removing or disabling the |
+ |
‘dialback_without_dialback’ option. |
|
|
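Review bot: The option name in the CVE-2021-32919 text is wrapped in typographic quotes (‘dialback_without_dialback’), while 'proxy65_acl' in the CVE-2021-32917 text uses straight quotes. Use straight quotes for both, so the name can be copied into a search of the configuration file without picking up non-ASCII characters.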
- |
- CVE-2021-32920 can be mitigated by setting the following ssl option (or add to your existing one if you have one): |
+ |
- CVE-2021-32920 can be mitigated by setting the following ssl option |
+ |
(or add to your existing one if you have one): |
|
|
|
ssl = { |
|
options = { |
|
no_renegotiation = true; |
|
} |
|
} |
|
|
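Review bot: In the CVE-2021-32920 text, "(or add to your existing one if you have one)" does not say whether "one" means the ssl table or the options table inside it. A reader with an existing ssl setting could paste the block as a second ssl definition instead of merging it. Suggest wording such as "or add no_renegotiation to the options table of your existing ssl setting". The unchanged snippet that follows would also be easier to read with its nesting indented.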
- |
- CVE-2021-32921 can partly be mitigated by enabling and configuring rate limits through mod_limits in order to lengthen the amount of time required to successfully complete a timing attack. |
+ |
- CVE-2021-32921 can partly be mitigated by enabling and configuring |
+ |
rate limits through mod_limits in order to lengthen the amount of time |
+ |
required to successfully complete a timing attack. |
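Review bot: "can partly be mitigated" in the CVE-2021-32921 text uses a different word order from "can be partly mitigated" in the CVE-2021-32918 text. Pick one form for both. "lengthen the amount of time required" could also be tightened to "increase the time required" while the paragraph is being reflowed.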