
v4.2.4

@YoussB released this 03 May 12:55
· 2667 commits to master since this release

Security, Fix
By default, Go allows some weak algorithms that can potentially lead to security vulnerabilities. The Concourse web instance VM is affected by a vulnerability (https://www.tenable.com/plugins/nessus/71049) on port 2222, which is used for Worker communication. This vulnerability has been fixed by restricting SSH MAC algorithms to a smaller, stricter set.

Proposal
SSH MAC algorithms have been restricted to a smaller set to fix a vulnerability with the Concourse web instance VM. By default, Golang allows some weak algorithms that can potentially lead to security vulnerabilities on port 2222, which is used for Worker communication.

For more information, see SSH Weak MAC Algorithms Enabled in the Tenable documentation.
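To confirm the restriction took effect, an operator can inspect the MAC lists a server advertises in its SSH key-exchange init message. The following is an added example, not Concourse code: `WeakMACs` and `SampleKexInit` are hypothetical names, the payload is constructed, and the "weak" criteria (MD5-based or 96-bit truncated MACs) are an assumption about what the cited Nessus check reports.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// WeakMACs parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and
// returns every advertised MAC that is MD5-based or truncated to 96 bits.
func WeakMACs(payload []byte) ([]string, error) {
	if len(payload) < 17 || payload[0] != 20 { // 20 = SSH_MSG_KEXINIT
		return nil, errors.New("not a KEXINIT payload")
	}
	rest := payload[17:] // skip message type and 16-byte cookie
	var weak []string
	for i := 0; i < 10; i++ { // ten name-lists follow the cookie
		if len(rest) < 4 || uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
			return nil, errors.New("truncated name-list")
		}
		n := int(binary.BigEndian.Uint32(rest))
		list := string(rest[4 : 4+n])
		rest = rest[4+n:]
		if i != 4 && i != 5 { // lists 4 and 5 carry the MACs
			continue
		}
		dir := []string{"c2s", "s2c"}[i-4] // client-to-server, server-to-client
		for _, name := range strings.Split(list, ",") {
			if strings.Contains(name, "md5") || strings.Contains(name, "-96") {
				weak = append(weak, dir+":"+name)
			}
		}
	}
	return weak, nil
}

// SampleKexInit builds a constructed payload whose two MAC lists are macs.
func SampleKexInit(macs string) []byte {
	p := append([]byte{20}, make([]byte, 16)...)
	for _, s := range []string{"kex", "hostkey", "enc", "enc", macs, macs, "none", "none", "", ""} {
		p = append(append(p, 0, 0, 0, byte(len(s))), s...) // sample lists are < 256 bytes
	}
	return append(p, 0, 0, 0, 0, 0) // first_kex_packet_follows + reserved
}

func main() {
	fmt.Println(WeakMACs(SampleKexInit("hmac-sha2-256,hmac-md5,hmac-sha1-96")))
}
```

An empty result for both directions means none of the advertised MACs match the assumed weak criteria.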

Compatibility Matrix

| Concourse Version | RunC | PostgreSQL | Tested Stemcell | Supported Stemcell | Tested Credhub |
|---|---|---|---|---|---|
| v4.2.4 | 1.8.2 | 9.5+ External | Xenial 250.38 | 250.x | 1.9.5 |