Description of problem: The current version 1.0.43 does not allow you to shut off TLS 1.0 making this a security issue. Version 1.0.45 fixes this. Please upgrade ASAP. Version-Release number of selected component (if applicable): 1.0.43 How reproducible: 100% Steps to Reproduce: 1. Run it and log in with TLS v1.0 2. 3. Actual results: Expected results: TLS v1.0 is considered not secure and should be shut off or allowed to be shut off. Additional info:
Shutting off v1.0 is required for PCI compliance so this is a pretty big security issue.
Hi, I'm one of the pure-ftpd maintainers in Fedora. I'm planning to do this, but was holding it off, because there was a regression report in Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1490354 Hopefully that's resolved now, so I think I'll do the rebase (straight to 1.0.47) in the coming days.
pure-ftpd-1.0.47-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
pure-ftpd-1.0.47-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
pure-ftpd-1.0.47-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-675ebc0315
pure-ftpd-1.0.47-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.