Bug#773140: unblock: rabbitmq-server/3.3.5-1.1

2014-12-16 Thread Blair Hester
> rabbitmq-server maintainers, are there any other RC bugs that you're
> planning to file on the package?

No other RC bugs. I submitted https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773259, which I hope has an appropriate severity of important. I've asked a couple developers their opinion on

Bug#773259: XSS and response-splitting bugs in management plugin

2014-12-15 Thread Blair Hester
Package: rabbitmq-server
Version: 3.3.5-1
Severity: important

RabbitMQ 3.4.1 fixes a couple of bugs in the management plugin that may have security implications. These can probably be considered less severe than the bug described here: https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypb

Bug#773134: rabbitmq_management incorrectly trusts 'X-Forwarded-For' header

2014-12-14 Thread Blair Hester
Package: rabbitmq-server
Version: 3.3.5-1
Severity: serious

RabbitMQ 3.3.0 introduced a mechanism (the 'loopback_users' configuration item) allowing access for some users to be restricted to only connect via localhost. By default the "guest" user is restricted in this way. Unfortunately, the HTT

Bug#753475: (no subject)

2014-07-15 Thread Blair Hester
Hello, Thanks for logging this bug. This bug matches an existing bug in RabbitMQ's internal bugtracker. Best Regards, Blair