[jcifs] jcifs-1.3.19 released / NTLMv2 Initiator Security Vulnerability Fixed

Michael B Allen ioplex at gmail.com
Fri Dec 22 00:56:39 UTC 2017

False Alarm: This does NOT affect the acceptor. It affects the
initiator which is much less interesting.

The corrected release note is:

This release fixes what is believed to be a moderate security issue.
All NTLM initiators / clients using JCIFS should upgrade their JCIFS
jar. Credit goes to Moritz Bechler for identifying and reporting this

Note: It was previously believed that this issue affected the acceptor
which would have been much more serious. It does not affect the
acceptor / servers.

More information about the jCIFS mailing list