Skip to content

2.3.3
Compare
Choose a tag to compare
@jyao1 jyao1 released this 01 Jun 07:03
· 850 commits to main since this release
2.3.3
0ce1c83

Tag 2.3.3 fixes a security issue - DMTF-2023-0002: Responder can Invoke Undefined Behavior in libspdm Requester. #2068
Please also see GHSA-56h8-4gv5-jf2c.

Tag 2.3.3 fixes an implementation defect present in tags 2.3.2 and previous. #2039. The order of RequesterInfo and OpaqueData in GET_CSR is reversed. While tag 2.3.3 has corrected this defect it means that a tag 2.3.3 endpoint will not be able to send GET_CSR to a tag 2.3.2 and previous endpoint.

This is an SPDM implementation security issue and SPDM specification compliance issue, we suggest the consumers use the tag 2.3.3 for further development and do not use any previous tags.

Assets 2
Loading