ChatSecure v4.3.6
ChatSecure v4.3.6
This maintenance release contains an important update to the certificate pinning alert dialog. After updating to v4.3.6 you may see an alert asking you to re-verify your server’s SSL/TLS certificate.
Previously, the dialog would display ✅ Valid
if the certificate was valid for any domain. Additionally, it was then pinning the certificate to the connected domain (e.g. xmpp.example.com
from the SRV records), and not to the JID domain (e.g. example.com
).
If you are not automatically prompted to re-verify, you should manually re-verify your server’s certificates by going into Settings -> Pinned Certificates, delete the existing entries, and then reconnect.
Special thanks to Michel Le Bihan, for uncovering the flaw and quickly proposing a fix.
Release Notes
- Fix security issue in certificate pinning alert dialog, where any valid certificate would show as valid
- Fix crash when rapidly scrolling through chat history
- Fix issue where chat history is temporarily blank after sending a message
- Swift 4.2 / Xcode 10.1
- Updated 3rd party dependencies
- Other minor bug fixes
- Full release notes
- Changelog