Resolved security issues - SharpV OS 14.3.1 | SharpV

AutoVu™ SharpV OS Release Notes 14.3.1

Product
SharpV
Content type
Release notes
Version
14.3
Release
14.3.1
Language
English
Last updated
2024-05-07

The following issues are resolved in SharpV OS 14.3.0.

Issue Description
3689215 The HTTP services no longer support compression.
3689002 gRPC was removed from the Cuistot service.
3648353 The following changes were made to Diagnostics.zip:
  • The file no longer contains sensitive username, hostname, URL, or password information.
  • The file cannot be imported by the Sharp unit.
3635567 Updated System.Net.Http to version 4.3.4.
3622172 The HTTP/HTTPS extension must validate all HTTP/HTTPS URLs, DNS names, and IPv4/IPv6 addresses.
3622170 The FTP/SFTP extension must validate all FTP/SFTP URLs, DNS names, and IPv4/IPv6 addresses.
3514256 The following software packages were updated:
  • Grpc.AspNetCore 2.58.0
  • Grpc.Tools 2.59.0
3481608 Removed unused NuGet dependencies and updated versions of related dependencies.
3472586 XLTS for AngularJS has been upgraded to version 1.9.3.
3470845 The following software is no longer required and has been removed from the SharpV OS installation package.
  • xrdp (remote desktop)
  • XFCE
  • Xinitrc
  • ant-theme
  • arc-theme
  • freeglut
  • wayland
  • xorg-driver
  • xwit
3469190 Updated nth-check to version 2.1.1.
3469189 Updated xml2js to version 0.6.2.
3469188 The following software packages were updated:
  • Grpc.AspNetCore 2.55.0
  • Grpc.AspNetCore.Server 2.55.0
  • Grpc.AspNetCore.Server.ClientFactory 2.55.0
  • Grpc.Core.Api 2.55.0
  • Grpc.Net.Client 2.55.0
  • Grpc.Net.Client.Web 2.55.0
  • Grpc.Net.ClientFactory 2.55.0
  • Grpc.Tools 2.57.0
  • Google.Protobuf 3.24.1
3469186 The following software packages were updated:
  • @svgr/webpack 8.1.0
  • css-what 6.0.1
3469185 Updated crypto-js to version 4.2.0.
3469181
  • Removed the dependency on signalr 2.4.1.
  • The following software packages were updated:
    • @microsoft/signalr 5.0.17
    • tough-cookie 4.1.3
3468350 Removed password information from packages used by create-user-key-store.sh.
3468349 Removed password information from packages used by CertificateHandler.
3468337 Removed default Sharp password information from source files.
3467877 Added cookie encryption in the Sharp Portal and in the Cuistot startup.
3467665 The jwtkey.txt file is now encrypted.
3417495 LPM protocol logic now use System.Net.Http version 4.3.4.
3415483 The Menulibre.2.2.1.tgz package was removed.
3415003 The following software packages were updated:
  • karma-coverage 2.2.0
  • json5 2.2.3
3415001 The following software packages were updated:
  • Google.Protobuf 3.22.4
  • Grpc.AspNetCore 2.53.0
  • Grpc.Tools 2.54.0
  • Grpc.Net.Client 2.53.0
  • Grpc.Core 2.46.6
  • Grpc.AspNetCore.Server.ClientFactory 2.53.0
  • Grpc.Net.Client.Web 2.53.0
  • Grpc.Net.ClientFactory 2.53.0
  • Grpc.AspNetCore.Server 2.53.0
3414999 Updated System.Text.RegularExpression to version 4.3.4.
3414996 The System.Data.SqlClient package was removed.
3412775 SharpOS now validates the provided IP address (v4 or v6) or hostname. On startup, the time server is configured only if the UserConfig is set with a valid TimeServer address.
3345230 The donet/runtime 5.0.17 package was removed.
3345229 The Genetec and Sharp.Infrastructure.Persistence projects were configured to use System.Text.RegularExpression version 4.3.1.
2902647 Syslog client now use the TLS 1.2 and TLS 1.3 protocols only.