Currently, GitHub security advisories is not activated on eclipse projects.
To report a vulnerability, your need to open a bugzilla ticket.
For more details, please look at https://www.eclipse.org/security/.
Version | Supported |
---|---|
3.6.0-SNAPSHOT (master) | ✔️ |
3.5.0 | ✔️ |
3.4.0, 3.3.1, 3.2.0, 3.1.0, 3.0.0 | ❓ |
2.7.2 | ❓ |
2.6.6, 2.5.0, 2.4.1, 2.3.1, 2.2.3, 2.1.0, 2.0.0 |
❓ |
before 2.0.0 | ❌ |
✔️ development version / current release - all bugfixes will be applied
❓ the previous (bugfix-)releases - update to the current release is recommended. On exceptions, specific bugfixes may be applied on request. (Create a vulnerability report with the requested vulnerability fix and the (bugfix-)version.)
❌ old releases, milestone releases - usually no bugfixes are applied there.
Californium Version | Dependency | Affected Version | Usage | Vulnerability |
---|---|---|---|---|
< 3.6 < 2.7.3 |
com.google.code.gson | < 2.8.9 | demo-apps | CVE 2022-25647 |
< 3.3 < 2.7.2 |
com.upokecenter.cbor | 4.0 - 4.5.0 | cf-oscore demo-apps |
GHSA-fj2w-wfgv-mwq6 |
< 3.2 < 2.7.1 |
ch.qos.logback.logback-classic | < 1.2.9 | demo-apps | CVE-2021-42550 |
Californium Version | Dependency | Affected Version | Usage | Vulnerability |
---|---|---|---|---|
< 3.5 | JDK / JCE | <= 15.0.2? <= 16.0.2? < 17.0.3 < 18.0.1 |
execution environment | ECDSA CVE-2022-21449 |