)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"343a991bfe7c79def960136ffc919990fd3b6eac","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Do not underestimate number of encrypted/decrypted  AEAD blocks"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Even thought the current code typically counts all the encrypted/decrypted"},{"line_number":10,"context_line":"traffic, this is only the case because of the specific implementation"},{"line_number":11,"context_line":"of OpenSSL at the moment."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"a141389a_c2889698","line":9,"updated":"2025-11-07 12:59:15.000000000","message":"\"though\"","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"642fa1c06e4c1cd7d16836d198940318bbb48530","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Do not underestimate number of encrypted/decrypted  AEAD blocks"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"Even thought the current code typically counts all the encrypted/decrypted"},{"line_number":10,"context_line":"traffic, this is only the case because of the specific implementation"},{"line_number":11,"context_line":"of OpenSSL at the moment."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"4e5730c1_4e0377f5","line":9,"in_reply_to":"a141389a_c2889698","updated":"2025-11-07 14:30:22.000000000","message":"Done","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"343a991bfe7c79def960136ffc919990fd3b6eac","unresolved":true,"context_lines":[{"line_number":13,"context_line":"Instead of counting the length returned by one call only, count all"},{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability since currently this something"},{"line_number":19,"context_line":"that enhances security but is not yet required so to say."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"cd75af22_24654220","line":16,"updated":"2025-11-07 12:59:15.000000000","message":"\"that use\" ?","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"642fa1c06e4c1cd7d16836d198940318bbb48530","unresolved":false,"context_lines":[{"line_number":13,"context_line":"Instead of counting the length returned by one call only, count all"},{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability since currently this something"},{"line_number":19,"context_line":"that enhances security but is not yet required so to say."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1d3f5c6b_16348d97","line":16,"in_reply_to":"cd75af22_24654220","updated":"2025-11-07 14:30:22.000000000","message":"Done","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"343a991bfe7c79def960136ffc919990fd3b6eac","unresolved":true,"context_lines":[{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability since currently this something"},{"line_number":19,"context_line":"that enhances security but is not yet required so to say."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"2ce4762d_48224900","line":17,"updated":"2025-11-07 12:59:15.000000000","message":"That whole last sentence is difficult to parse, mostly because of redundancies. Maybe something like: \"So the absence of usage limit enforcement is not currently considered a security vulnerability, yet.\"","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"642fa1c06e4c1cd7d16836d198940318bbb48530","unresolved":false,"context_lines":[{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability since currently this something"},{"line_number":19,"context_line":"that enhances security but is not yet required so to say."},{"line_number":20,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"fb7f9781_43ee9b19","line":17,"in_reply_to":"2ce4762d_48224900","updated":"2025-11-07 14:30:22.000000000","message":"Done","commit_id":"9a3134b9b3bd6b5bbe84169de58b5d0b8c3e4286"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"d5b5a55b4764c4cb2a8c069cc74011156fb1f192","unresolved":true,"context_lines":[{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"09bd77c7_4735a9a9","line":17,"updated":"2025-11-07 14:34:19.000000000","message":"\"this is\"","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"70d68a939cee14fa7600f62c148b6af5bc07d8e5","unresolved":false,"context_lines":[{"line_number":14,"context_line":"the encrypted/decrypted bytes."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"0812d9e2_08140794","line":17,"in_reply_to":"09bd77c7_4735a9a9","updated":"2025-11-10 11:11:14.000000000","message":"Done","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"d5b5a55b4764c4cb2a8c069cc74011156fb1f192","unresolved":true,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"7ee7fb5b_664c0294","line":18,"updated":"2025-11-07 14:34:19.000000000","message":"\"a security vulnerability\"","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"70d68a939cee14fa7600f62c148b6af5bc07d8e5","unresolved":false,"context_lines":[{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."},{"line_number":21,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"5e7d9c19_4de9b80f","line":18,"in_reply_to":"7ee7fb5b_664c0294","updated":"2025-11-10 11:11:14.000000000","message":"Done","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"d5b5a55b4764c4cb2a8c069cc74011156fb1f192","unresolved":true,"context_lines":[{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Reported by: \u003cstephan@srlabs.de\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"82e17f8a_521e59c5","line":19,"updated":"2025-11-07 14:34:19.000000000","message":"\"altogether\"","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"70d68a939cee14fa7600f62c148b6af5bc07d8e5","unresolved":false,"context_lines":[{"line_number":16,"context_line":"Other implementations that use AES-GCM (like IPSec, MacSEC, TLS 1.2) currently"},{"line_number":17,"context_line":"do not honour these usage limits at all. So this currently not something"},{"line_number":18,"context_line":"that I consider to be security vulnerability. In the current state"},{"line_number":19,"context_line":"implementations/protocol that lack this feature all together are also"},{"line_number":20,"context_line":"not considered vulnerable."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Reported by: \u003cstephan@srlabs.de\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"b5d24397_2efc8cfc","line":19,"in_reply_to":"82e17f8a_521e59c5","updated":"2025-11-10 11:11:14.000000000","message":"Done","commit_id":"8e6836bce91d97731d9827084578a2bf8842f9aa"}]}