| [cf-dev] Californium - Bugfix Version 2.6.1 is released - CVE-2020-27222 |
Dear Californians, the bugfix version 2.6.1 is released and available at the Eclipse Repo and on Maven Central. Note: this bugfix is required for all users of Californium 2.3.0 - 2.6.0, which are using DTLS RPK/x509 for authentication! It provides the fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27222 Changes in DTLS: - bugfix Move certificate supported check to local field. (See also CVE-2020-27222) Changes in CoAP: - Reduce synchronization in blockwise layer. - Reduce and reorder sync section in blockwise layer. Changes in element-connector: • (configurable) Remove jobs on cancel from ScheduledThreadPoolExecutor. You may fetch the selected binary core artefacts from Maven Central [2] or all binary artefacts, including Californium.Tools and Californium.Actinium, from the Eclipse Repository [3]. Feedback and questions are very welcome! You’re invited to use github issues [4] for everything ☺. You use Californium and want to be listed as adopter on the project page and [5]? Just fill out a PR as explained in [6]. [1] https://projects.eclipse.org/projects/iot.californium/releases/2.6.1 [2] https://search.maven.org/search?q=g:org.eclipse.californium%20v:2.6.1 [3] https://repo.eclipse.org/content/groups/californium/org/eclipse/californium/ [4] https://github.com/eclipse/californium/issues [5] https://iot.eclipse.org/adopters/ [6] https://github.com/EclipseFdn/iot.eclipse.org#project-adopters Mit freundlichen Grüßen / Best regards Achim Kraus Bosch IoT Hub - Product Area IoT Platform (IOC/PAP-HU) Bosch.IO GmbH | Stuttgarter Straße 130 | 71332 Waiblingen | GERMANY | www.bosch.io Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Dr. Aleksandar Mitrovic, Yvonne Reckling