Re: [CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability

2021-02-01 Thread Aleksey Yeschenko
Correction: 3.11.x users should upgrade to 3.11.10. 3.11.24 doesn’t exist. Yet.

> On 1 Feb 2021, at 18:22, Aleksey Yeschenko wrote:
>
> CVE-2020-17516: Apache Cassandra doesn't enforce encryption setting on
> inbound internode connections
>
> Severity:
> Important
>
> Vendor:
> The Apache Sof

Re: [CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability

2021-02-01 Thread Valerie Parham-Thompson
This is fixed in config defaults in 3.11.10 or there is something else within the code that fixes? (Are both patch and config change required?)

Can you share the Jira ticket? I'm not finding details on search.

Valerie

> On Feb 1, 2021, at 1:23 PM, Aleksey Yeschenko wrote:
>
> CVE-2020-17516:

[CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability

2021-02-01 Thread Aleksey Yeschenko
CVE-2020-17516: Apache Cassandra doesn't enforce encryption setting on inbound internode connections

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
Cassandra 2.1.0 to 2.1.22
Cassandra 2.2.0 to 2.2.19
Cassandra 3.0.0 to 3.0.23
Cassandra 3.11.0 to 3.11.9

Descriptio