Security Release (CVE-2016-6659 & CVE-2016-6816)

sreetummidi released this 14 Dec 23:40

· 3430 commits to develop since this release

63e2ef4

Please use this security release to patch the following CVEs

CVE-2016-6659 UAA Privilege Escalation
CVE-2016-6816 Apache Tomcat Information Disclosure
- Updated to Tomcat 8.0.39

Other Security Updates

Restrict to TLS v1.2 with the following ciphers:

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Assets 2