[GH-ISSUE #3410] SSL/TLS协议信息泄露漏洞(CVE-2016-2183) #2729

New issue

Closed

opened 2026-05-05 13:45:30 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 13:45:30 -06:00

Owner

Copy link

Originally created by @liupanhu on GitHub (Apr 14, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3410

Bug Description

版本 0.38.0
漏洞扫描发现上述问题。 请问需要怎么解决。

frpc Version

0.38.0

frps Version

0.38.0

System Architecture

linux/amd64

Configurations

[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
vhost_http_port = 8080
vhost_https_port = 3443
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = tokentokentoken
log_file = ./frps.log
log_level = info
log_max_days = 3
token = token
allow_ports = 2000-3000,3001,3003,4000-50000
max_pool_count = 5
max_ports_per_client = 0
subdomain_host = xx.xxxxx.com
tcp_mux = true

Logs

No response

Steps to reproduce

...

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @liupanhu on GitHub (Apr 14, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3410 ### Bug Description  版本 0.38.0 漏洞扫描发现上述问题。 请问需要怎么解决。 ### frpc Version 0.38.0 ### frps Version 0.38.0 ### System Architecture linux/amd64 ### Configurations [common] bind_addr = 0.0.0.0 bind_port = 7000 bind_udp_port = 7001 kcp_bind_port = 7000 vhost_http_port = 8080 vhost_https_port = 3443 dashboard_addr = 0.0.0.0 dashboard_port = 7500 dashboard_user = admin dashboard_pwd = tokentokentoken log_file = ./frps.log log_level = info log_max_days = 3 token = token allow_ports = 2000-3000,3001,3003,4000-50000 max_pool_count = 5 max_ports_per_client = 0 subdomain_host = xx.xxxxx.com tcp_mux = true ### Logs _No response_ ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 13:45:30 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 13:45:33 -06:00

Author

Owner

Copy link

@liupanhu commented on GitHub (Apr 14, 2023):

7000端口，客户端注册端口，被漏扫检测出问题。

<!-- gh-comment-id:1508253979 --> @liupanhu commented on GitHub (Apr 14, 2023): 7000端口，客户端注册端口，被漏扫检测出问题。

gitea-mirror commented 2026-05-05 13:45:34 -06:00

Author

Owner

Copy link

@Becods commented on GitHub (Apr 15, 2023):

https://github.com/fatedier/frp/issues/3394

TLS 目前用是 golang 默认配置，默认不禁用 TLS 1.1。

可以考虑支持这个配置，来选择禁用的 TLS 版本，不过不确定禁用之后是不是会有兼容性问题。而且既然是 Golang 默认的行为，可能主要是出于兼容性的考虑，在大部分场景下应该都是可以接受的。

<!-- gh-comment-id:1509677521 --> @Becods commented on GitHub (Apr 15, 2023): https://github.com/fatedier/frp/issues/3394 > TLS 目前用是 golang 默认配置，默认不禁用 TLS 1.1。 > > 可以考虑支持这个配置，来选择禁用的 TLS 版本，不过不确定禁用之后是不是会有兼容性问题。而且既然是 Golang 默认的行为，可能主要是出于兼容性的考虑，在大部分场景下应该都是可以接受的。

gitea-mirror commented 2026-05-05 13:45:35 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (May 16, 2023):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:1548797767 --> @github-actions[bot] commented on GitHub (May 16, 2023): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

gitea-mirror referenced this issue 2026-05-05 14:45:27 -06:00

[PR #2729] [MERGED] add new sponsor #4614

gitea-mirror referenced this issue 2026-05-05 14:45:33 -06:00

[PR #2782] [MERGED] bump version #4622

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2729

No description provided.