MIB Explorer 5.0.8 has been released 2022-06-26T22:00:00Z. The new release includes some security updates in dependencies (although the vulnerable features were not used) and a lot of internal fixes regarding TLS communication.
CHANGES
- Updated: OpenJDK included in installer to version 18.0.1.
- Changed: Removed OpenJFX support for the online help. If your OS does not provide a
HTML browser, please visit MIB Explorer Manual - Fixed: Possible busy loop on writable key if
outAppBuffer
is there for a socket entry but contains no data to be sent. - Fixed: Concurrent reconnect (TCP,TLS) to use existing connect instead of always replacing it by new connection.
- Fixed: TLS session not closed if inbound is done by TLS 1.3 remote (i.e., because of a TLS version mismatch).
- Fixed: Possible race condition in
Snmp.send()
which could returnnull
asResponseEvent
if the response was received shortly after the request timed out. - Improved: TLS handshaking “key is writable” looping when waiting for agent handshake response is now suppressed.
- Added: TLS
contextEngineID
discovery cache to avoid rediscovery of context engine IDs for an address using RFC 5343 mechanism as long as the TLS connection to that address remains open. - Fixed [SFJ-245]: Possible Deadlock in
Snmp.PendingRequest.resendRequest
on behalf of (D)TLS context engine ID discovery. - Improved: Invalid as signed encoded 9 byte 64bit unsigned integer 64bit values will not be decoded by
BER.decodeUnsignedInt64
anymore. Instead invalid length exception is thrown. - Fixed: Bug in
DTLSTM.HandshakeTask.run()
which caused DTLSTM handshake not to finish within timeout causing connect to fail or to be slow… - Fixed: Clean TLS session closing with
TLSTM.SocketEntry.closeSession()
and improved INFO logging when session is closed. - Fixed: NPE in
DefaultTlsTmSecurityCallback
if local fingerprint is null. - Fixed: Possible NPE when sending TLS message without tmStateReference.
- Improved: Removed busy wait in DTLSTM.SocketEntry.
- Improved: Transport state event sending for closed connections that are closed via TLS messages but not (yet) via closed TCP connections.
- Fixed [SFJ-244]: Removed secret information (keys and passwords) from any log output (by default).
- Added: Default non-printable character support for OctetString.toString().
- Added [SFJ-243]: Add OSCP/CRL X500 certificate revocation checking support to SNMP4J (D)TLS. Set the System Property
com.sun.net.ssl.checkRevocation
totrue
and the Security Propertyocsp.enable
true
to activate OSCP. Adding a revocation list URI in the UI will be added with the 5.0.9 release to activate CRL checking. - Added: Support for SHA384 and 512 to TLS cert fingerprint processing.