Overview

This article provides information about the software security fixes included in this release. Fixes related to third-party vendor security weaknesses are referenced by their Common Vulnerabilities and Exposures (CVE) identifiers.

Important

For security purposes, we are not able to disclose the specific nature of the security vulnerabilities. If you have specific questions about any tickets, please reach out via support@unisonglobal.com and reference the ticket in question.

FED-812 (System.Formats.Asn1.dll Security Vulnerability Resolved)

Reported By

Reported Internally

Severity Rating

High

CVE Identifier

CVE-2024-38095

Summary and Resolution
A security vulnerability was identified in the System.Formats.Asn1.dll library used by FedConnect (Veracode classification: Software Composition Analysis, severity level 4 - High).

This issue is resolved by upgrading all instances of the System.Formats.Asn1.dll library to version 9.0.7, which is the latest stable release not affected by CVE-2024-38095. The updated version eliminates the known vulnerability and aligns with secure development best practices.

Unison FedConnect Support

FedConnect 3.11 Software Security Fixes Print

Overview

FED-812 (System.Formats.Asn1.dll Security Vulnerability Resolved)

FedConnect 3.11 Software Security Fixes Print

Overview

FED-812 (System.Formats.Asn1.dll Security Vulnerability Resolved)

Related Articles