View Issue Details

IDProjectCategoryView StatusLast Update
00025843 - Current Dev ListMaintenancepublic2019-06-13 14:38
ReporterK7ZCZAssigned ToK7ZCZ 
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
PlatformIntel i7-5960XOSWindows 10 Professional x64OS Version1703
Product Version6.4.0.794 
Target VersionFixed in Version 
Summary0002584: update to new version of Polar TLS library
DescriptionThe HRDLogbookSMTP DLL shipped in the product uses the Polar library to implement TLS and SSL for communicating with email servers. The version of this library used in the product is 1.1.4.

This version is quite ancient and no longer supported. Polar has been renamed to mbed TLS and taken over by ARM Holdings. The current version is 2.7 and was released in February of 2018.

We only use this library in one place, but the use is related to user data security. There are a few severe security issues with the version of the library we're using, so we should upgrade to a current version to help avoid risk.



Additional Informationhttps://www.cvedetails.com/vulnerability-list/vendor_id-12001/product_id-22470/version_id-141830/Polarssl-Polarssl-1.1.4.html

https://tls.mbed.org/download-archive
TagsNo tags attached.
ModuleLogbook
Sub-Module(select)
TestingNot Started

Relationships

related to 0002658 feedbackK7ZCZ 1 - Backlog DX Cluster E-mail alarm Error:Warning:ssl_verify ! self-signed or not signed by a trusted CA 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-03-08 14:36 K7ZCZ New Issue
2018-03-08 14:36 K7ZCZ Status new => assigned
2018-03-08 14:36 K7ZCZ Assigned To => K7ZCZ
2019-03-21 15:14 K7ZCZ Relationship added related to 0002658
2019-06-13 14:38 K7ZCZ Description Updated View Revisions
2019-06-13 14:38 K7ZCZ Additional Information Updated View Revisions
2019-06-13 14:38 K7ZCZ Module (select) => Logbook