5. What’s Fixed in 7.3.0 LTS

This section describes bugs fixed in Security Plugins 7.3.0 LTS. These are fixes since 7.2.0.

Security Plugins 7.3.0 LTS is a long-term support release that is built upon and includes all the fixes in releases 7.0.0, 7.1.0, and 7.2.0 (see Previous Releases). See the Connext Releases page on the RTI website for more information on RTI’s software release model.

[Critical]: System-stopping issue, such as a crash or data loss.
[Major]: Significant issue with no easy workaround.
[Minor]: Issue that usually has a workaround.
[Trivial]: Small issue, such as a typo in a log.

• 5.1. Interoperability
  • 5.1.1. [Critical] Wrong out-of-the-box Governance configuration for legacy Builtin Secure Logging topic *
  • 5.1.2. [Major] Builtin Security Plugins incompatible with Lightweight Builtin Security Plugins when using non-default cryptographic algorithms *
• 5.2. Discovery and Authentication
  • 5.2.1. [Critical] Participant discovery failed to complete after re-authentication when using SPDP2 *
  • 5.2.2. [Critical] Participants using SPDP2 failed to complete discovery if using Pre-Shared Key protection with domain tags *
  • 5.2.3. [Major] allow_unauthenticated_participants did not allow authenticated participant to replace unauthenticated one
  • 5.2.4. [Major] Participants with SPDP2 failed to complete discovery if using Lightweight Builtin Security Plugins or HMAC-only mode *
  • 5.2.5. [Major] Participants with SPDP2 and allow_unauthenticated_participants failed to communicate if authentication failed *
  • 5.2.6. [Major] Errors setting the RSA padding kind did not trigger a failure in signing or verifying DomainParticipant data *
  • 5.2.7. [Minor] Failure to announce lack of PSS Padding support when authentication.rsa_pss_pad property was FALSE *
• 5.3. Usability
  • 5.3.1. [Major] Incorrect information about cryptographic algorithms displayed in Admin Console *
• 5.4. Cryptography
  • 5.4.1. [Major] Non-random initial session ID for entities other than Secure Key Exchange Channel
  • 5.4.2. [Major] Memory leak when calling set_qos() without changing pre-shared key seed ID *
• 5.5. Cryptographic Algorithms
  • 5.5.1. [Major] Security Plugins for wolfSSL incorrectly propagated mask indicating support for Diffie-Hellman key establishment algorithm *
• 5.6. Dynamic Participant Renewal, Revocation, and Expiration
  • 5.6.1. [Critical] Invalid read when simultaneously changing a file and changing a property value for an identity certificate or CRL *
  • 5.6.2. [Critical] Invalid read when simultaneously changing an identity certificate file and authenticating another participant *
  • 5.6.3. [Minor] Changing identity certificate property from string to equivalent file not detected
• 5.7. Logging
  • 5.7.1. [Minor] DomainParticipants in same application may have have had different verbosities for logging security messages *
  • 5.7.2. [Trivial] Typo in “non-compliant DDS Security implementation” log message
• 5.8. Crashes
  • 5.8.1. [Critical] Security Plugins crashed when enabling pre-shared key protection after DomainParticipant creation *
  • 5.8.2. [Critical] Segmentation fault when running out of memory while calling custom OpenSSL allocator function *
  • 5.8.3. [Critical] Crash when polling a file and changing QoS from file to string *
  • 5.8.4. [Critical] Segmentation fault when running out of memory during creation of local crypto tokens
• 5.9. Hangs
  • 5.9.1. [Critical] Deadlock when simultaneously changing a file and changing a property value for an identity certificate *
• 5.10. Memory Leaks/Growth
  • 5.10.1. [Minor] Memory leak when running out of memory while validating permissions of local or remote DomainParticipants
  • 5.10.2. [Trivial] Memory leak when running Security Plugins SDK tester *
• 5.11. Vulnerabilities
  • 5.11.1. [Major] Pre-Shared Key Protection plus Cloud Discovery Service did not protect against Participant Announcement Replay attacks *

* This bug does not affect you if you are upgrading from 6.1.x or earlier.