v1.4.2

@github-actions github-actions released this 05 Sep 12:04
· 102 commits to master since this release
  • Supported Serve API: v1.4.0 to v1.4.2

Changed

  • Sessions in Cdm.open() are now initialized with a unique session number.
  • Android Cdm Devices now use a Request ID formula similar to OEMCrypto library when generating a Challenge.
    This formula has yet to be fully confirmed and ironed out, but it is closer than the Chrome Cdm formula.
  • Device no longer throws ValueError exceptions on DecodeErrors if it fails to parse the provided Client ID, or
    its VMP data if any. It will now re-raise DecodeError.

Fixed

  • Parsed Proto Messages now go through an elaborate yet efficient verification: each must parse and serialize back to its
    received form, byte-for-byte, or it will be rejected.
    • This prevents protobuf from parsing a message that could be a different message depending on the starting bytes.
    • It was possible to bypass some minor checks by providing specially crafted messages that parsed as other messages.
      However, I haven't noticed any way where this would lead to a vulnerability or anything bad. It mostly just led to
      Serve API crashes or just rejected messages down the chain as they wouldn't have the right data within them.
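
The round-trip check described under "Fixed", shown as an added example that is not the project's own code: a lenient parser accepts several byte strings for the same parsed fields, and re-serializing and comparing against the received bytes rejects every variant except the canonical one. The toy wire codec stands in for the protobuf runtime, and all function names and sample bytes are assumptions made for this illustration.

```python
# Added example: toy protobuf wire codec (varint and length-delimited fields only).
def read_varint(buf, pos):  # lenient: accepts overlong (non-minimal) encodings
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def write_varint(value):  # always emits the minimal encoding
    out = bytearray()
    while value > 0x7F:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)

def parse(buf):  # lenient parse; a repeated field number keeps only the last value
    fields, pos = {}, 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 7
        if wire_type not in (0, 2):
            raise ValueError("wire type not handled in this example")
        value, pos = read_varint(buf, pos)  # the value itself, or a length prefix
        if wire_type == 2:
            if pos + value > len(buf):
                raise ValueError("truncated field")
            value, pos = buf[pos:pos + value], pos + value
        fields[number] = (wire_type, value)
    return fields

def serialize(fields):  # canonical form: ascending field numbers, minimal varints
    out = b""
    for number, (wire_type, value) in sorted(fields.items()):
        body = write_varint(value) if wire_type == 0 else write_varint(len(value)) + value
        out += write_varint(number << 3 | wire_type) + body
    return out

def parse_verified(buf):  # the round-trip check: re-serialized bytes must equal the input
    fields = parse(buf)
    if serialize(fields) != buf:
        raise ValueError("message does not round-trip byte-for-byte")
    return fields

CANONICAL = bytes.fromhex("08 01 12 03 61 62 63")  # constructed: field 1 = 1, field 2 = b"abc"
CRAFTED = bytes.fromhex("08 05 08 81 00 12 03 61 62 63")  # constructed: duplicate field 1, overlong varint
```

`parse(CRAFTED)` yields the same fields as `parse(CANONICAL)`, so only the byte comparison in `parse_verified` tells the two inputs apart.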