[Announcement] v1.3.1 Patch Release

15 views
Skip to first unread message

Julius Pfrommer

unread,
Jun 7, 2022, 3:12:17 AMJun 7
to open62541
We just tagged the v1.3.1 patch release.
Thanks to all the contributors whose work went into the release.

Note that this patch release fixes a potential denial of service attack (reported by Team82 / Claroty). The default configuration previously allowed messages to have an arbitrary size (number of chunks).

The release notes are below.
You can find the tarball as usual on Github.

https://github.com/open62541/open62541/releases/tag/v1.3.1

Regards, Julius

---

This is the first patch release for the 1.3 release family of open62541.
There were only bugfixes and no API-breaking changes applied for the patch release.
Changes compared to the previous release include:

  • refactor(plugin): Transition mbedTLS to the API for both v2 and v3
  • fix(client): Replace the nonce with the ActivateSessionResponse
  • fix(plugin): Add default limits for chunks and message size

Note that this patch release fixes a potential denial of service attack (reported by Team82 / Claroty).
The default configuration previously allowed messages to have an arbitrary size (number of chunks).

open62541 (http://open62541.org/) is an open source and free implementation of OPC UA (OPC Unified Architecture) written in the common subset of the C99 and C++98 languages. The library is usable with all major compilers and provides the necessary tools to implement dedicated OPC UA clients and servers, or to integrate OPC UA-based communication into existing applications. The open62541 library is platform independent. All platform-specific functionality is implemented via exchangeable plugins. Plugin implementations are provided for the major operating systems.

open62541 is licensed under the Mozilla Public License v2.0 (MPLv2). This allows the open62541 library to be combined and distributed as part of proprietary software. Only changes to the files of the open62541 library itself need to be licensed under the MPLv2 when copied and distributed. The plugins, as well as the server and client examples are in the public domain (CC0 license). They can be reused under any license and changes do not have to be published.

New features compared to the previous release series 1.2 include:

  • Support for OPC UA PubSub encryption (also TPM-based key handling)
  • Session authentication with x509 certificates (server-side)
  • Support for Event Filters
  • Support for Server Diagnostics
  • Binary/JSON encoding as a stable public API
  • Handling of Subscriptions with different priority
  • Greatly improved Nodeset Compiler, including support for structure values
  • Added UA_order function for all data types (equality test / absolute ordering for binary search trees, etc.)
  • Support for TLS-encrypted MQTT-based PubSub
  • Internally generate temporary self-signed certificates

Besides the major functional additions, many small features, fixes and general improvements went into this release. Particularly, the memory consumption of the information model was reduced by about 1/3 compared to the 1.2 release series.

Note that the v1.3 release family contains new features compared to v1.0. These have not been part of the certification that was achieved for the example server based on the v1.0 release.

open62541 (http://open62541.org/) is an open source and free implementation of OPC UA (OPC Unified Architecture) written in the common subset of the C99 and C++98 languages. The library is usable with all major compilers and provides the necessary tools to implement dedicated OPC UA clients and servers, or to integrate OPC UA-based communication into existing applications. The open62541 library is platform independent. All platform-specific functionality is implemented via exchangeable plugins. Plugin implementations are provided for the major operating systems.

open62541 is licensed under the Mozilla Public License v2.0 (MPLv2). This allows the open62541 library to be combined and distributed as part of proprietary software. Only changes to the files of the open62541 library itself need to be licensed under the MPLv2 when copied and distributed. The plugins, as well as the server and client examples are in the public domain (CC0 license). They can be reused under any license and changes do not have to be published.

Reply all
Reply to author
Forward
0 new messages