+ |
- CVE-2021-32917 can be mitigated by configuring 'proxy65_acl' to a list of XMPP domains that should be allowed to use the file transfer proxy. |
+ |
|
+ |
- CVE-2021-32918 can be partly mitigated using stricter settings for stanza size limits, rate limits and garbage collection parameters, see the referenced upstream advisory for more details. |
+ |
|
+ |
- CVE-2021-32919 can be mitigated by removing or disabling the ‘dialback_without_dialback’ option. |
+ |
|
+ |
- CVE-2021-32920 can be mitigated by setting the following ssl option (or add to your existing one if you have one): |
+ |
|
+ |
ssl = { |
+ |
options = { |
+ |
no_renegotiation = true; |
+ |
} |
+ |
} |
+ |
|
+ |
- CVE-2021-32921 can partly be mitigated by enabling and configuring rate limits through mod_limits in order to lengthen the amount of time required to successfully complete a timing attack. |
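Review bot: the CVE-2021-32919 line quotes the option name with typographic quotes (‘dialback_without_dialback’) while the CVE-2021-32917 line uses straight quotes ('proxy65_acl'); use straight quotes in both so the option name can be copied into a configuration file unchanged. In the CVE-2021-32920 entry, the ssl snippet appears here without any nesting indentation, so it is hard to see that options belongs inside ssl; indent options one level and no_renegotiation = true; two levels. The CVE-2021-32918 line joins two clauses with a comma before "see the referenced upstream advisory"; make that a separate sentence, and pick one of "can be partly mitigated" (CVE-2021-32918) and "can partly be mitigated" (CVE-2021-32921) so the partial mitigations read consistently.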