[zeromq-dev] Security downgrade attacks in 4.0.5, 4.1.0

Pieter Hintjens ph at imatix.com
Fri Dec 5 09:13:44 CET 2014

Hi all,

@MinRK reported and fixed a downgrade attack in the 4.0.5 stable
release of libzmq, and the 4.1.0 RC1. See

The fix is on libzmq master, and also on zeromq4-x and zeromq4-1 masters.

When I get some confirmation that these two masters look OK, I'll make
new packages with the releases.

For 4.1 RC2, if anyone has specific fixes to libzmq master they still
want to backport, please raise a hand, or make the usual pull


More information about the zeromq-dev mailing list