-
Notifications
You must be signed in to change notification settings - Fork 368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix release 2.7.4 - Available ❗❗❗ Fixes CVE-2022-39368 ❗❗❗ #2071
Comments
The 2.7.4 bugfix release is available on Maven Central and the Eclipse Repository. The tools and actinium are not released for 2.7.4, please use the 3.6.0 release of them. |
❗❗❗ Important Note: ❗❗❗ This bugfix is required for all users of Californium 2.0.0 - 2.7.3, which are using DTLS! It provides the fix for |
https://mvnrepository.com/artifact/org.eclipse.californium/element-connector-tcp-netty |
Thanks for reporting that, the deploy job doesn't contain it. Californium users are requested long ago to update to 3.x.y, current version is 3.7.0 Just to mention: |
Okay, thanks. |
You can't use the 2.7 either. Using Exchange without SerialExecutor is not supported!
2.7.x is not maintained (see security policy). |
Version 2.7.5 has not been released. |
I will try to update the netty dependency and if successful, I can release a 2.7.5 with that tcp-modul. |
Let me try again, that you give us more information about your experience with the approach replacing the executor. My arguments not open the 3.x API is, that I don't go to test that with quite a lot of different scenarios. |
Yes, it works for me. I've been using californium for over 6 years in a CoAP over TCP scenario for my project. Without this API, it's hard for me to upgrade to version 3.X It would be nice for me to open up the API to allow setting null to Exchange.executor. You can add comments or annotation to these APIs to warn users not to use them unless necessary.So I can upgrade to version 3.X |
Thanks for that feedback. |
See PR #2153 about null as Executor for Exchanges. |
See 2.7.4 for details.
The text was updated successfully, but these errors were encountered: