Prosys OPC UA SDK for Java 4.11.0 Released
We have released a new version of the Prosys OPC UA SDK for Java.
This is a new minor release of the SDK. It contains new features, bug fixes, and security-related fixes. We recommend everyone to update to this version.
The UaClient version of PubSubSystem now supports Event-DataSets and Subscription-based data sampling (the new default).
This release contains 2 security fixes related to Diagnostics and extra information on a failure.
The first security fix now limits reading the SessionSecurityDiagnosticsArray node of the Server to only Sessions which UaServerListener allows. This can be mitigated in earlier versions; see release notes.
The second security fix limits extra information in OPC UA TCP ErrorMessage and in the ResponseHeader(s) returned with any ServiceResponse. We are not aware of any attack scenarios where this information could be used, but it could potentially be useful for an attacker.
This release changes the default behavior on connection limits introduced in Version 4.10.4. Now if a maximum number of connections is not set in UaServer, by default, 10% more (at least +1) connections than the maximum number of Sessions are allowed. This allows Clients to get a “maximum sessions reached” error message.
Read more at the Release notes »
Please contact Prosys OPC Sales for more information.