5.1. What’s Fixed in 7.4.0

This section describes bugs fixed in Connext 7.4.0. These are fixes since 7.3.0 LTS.

Connext 7.4.0 is an early access release. See the Connext Releases page on the RTI website for more information on RTI’s software release model.

[Critical]: System-stopping issue, such as a crash or data loss.
[Major]: Significant issue with no easy workaround.
[Minor]: Issue that usually has a workaround.
[Trivial]: Small issue, such as a typo in a log.

5.1.1. Hangs

5.1.1.1. [Critical] Setting single_subscriber to false and use_wait_set to true led to a crash or hang during shutdown

This issue was fixed in 6.1.1, but not documented at that time.

Setting a persistence group’s single_subscriber to false and use_wait_set to true led to a crash on Windows systems and a hang on non-Windows systems after initiating the shutdown of Persistence Service (either by entering Ctrl-C or by calling the RTI_PersistenceService_stop function). This problem only affected releases 6.0.0 through 6.0.1.37, and release 6.1.0.

[RTI Issue ID PERSISTENCE-350]

5.1.2. Vulnerabilities

5.1.2.1. [Critical] Stack buffer write overflow while parsing malicious environment variable on non-Windows systems

An out-of-bounds write on the stack could occur while parsing a malicious environment variable on non-Windows systems.

5.1.2.1.1. User Impact without Security

A vulnerability in the Persistence Service application could have resulted in the following:

  • Stack buffer overflow while parsing a malicious environment variable on non-Windows systems.

  • Exploitable by overwriting the .environment file in the user’s home directory with a malicious .environment file.

  • Potential impact on integrity of Persistence Service application.

  • CVSS Base Score: 6.1 MEDIUM

  • CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

5.1.2.1.2. User Impact with Security

Same impact as “User Impact without Security” above.

[RTI Issue ID PERSISTENCE-362]

5.1.3. Other

5.1.3.1. [Major] Configuring persistence group’s DataReader QoS to use indirect communication caused samples to not be received from user DataWriters

Setting a persistence group’s DataReader QoS durability.direct_communication to false did not work. For example:

<persistence_group name="HelloWorldGroup">
  <datareader_qos>
    <durability>
      <direct_communication>false</direct_communication>
    </durability>
  </datareader_qos>
</persistence_group>

Using the above configuration would have caused the DataReader associated with the persistence group to not receive samples from user DataWriters. This problem has been fixed by forcing the direct_communication of a persistence group DataReader to always be true, regardless of the QoS setting.

[RTI Issue ID PERSISTENCE-245]