Category: security

News and posts from the security category

CVE-2014-9390

Posted on 2014-12-23 by Sebastian Sdorra


CVE-2014-9390 affects git systems on case-insensitive filesystems, such as Windows and Mac OS. For more information on CVE-2014-9390, please have a look at the git mailing list.

There are only two parts of SCM-Manager which are affected by CVE-2014-9390, the new import…


Posted in scm-manager, security


SCM-Manager and the POODLE vulnerability

Posted on 2014-10-18 by Sebastian Sdorra


If you are using scm-server with a configured https connector, please be sure that you exclude the SSLv3 protocol to avoid the POODLE vulnerability.

Add the following XML elements to your https connector in your server-config.xml:

<Arg>
  <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="excludeProtocols">
      <Array type="java.lang.String">
        <Item>SSLv2Hello</Item>
        <Item>SSLv3</Item>
      </Array>
    </Set>
  </New>
</Arg>

The complete connector section should now be…


Posted in scm-manager, security