| Tip |
|---|
This is the advisory page for Service Provider V3 releases. For older V2 SP advisories, refer to the V2 SecurityAdvisories page |
...
Version | EOL | User Data Exposure | Resource Exposure | Session Hijacking | Denial of Service | Remote Exploit | Advisories |
|---|---|---|---|---|---|---|---|
All | X | X | X | X | 2018-08-03, 2018-01-23, 2014-04-09, 2011-10-24 | ||
3.5.0 | |||||||
3.4.1 | Oct 2024 | ||||||
3.4.0 | Jan 2023 | ||||||
3.3.0 | Nov 2022 | ||||||
3.2.3 | Dec 2021 | ||||||
3.2.2 | Jul 2021 | 2021-06-22 | |||||
3.2.1 | Apr 2021 | X | 2021-04-26 | ||||
3.2.0 | Mar 2020 | X | 2020-03-17 | ||||
3.1.0 | Dec 2020 | X | 2020-08-31 | ||||
3.0.4 | Apr 2020 | X | |||||
3.0.3 | Mar 2019 | X | 2019-03-11 | ||||
3.0.2 | Dec 2018 | X | 2018-12-19a | ||||
3.0.1 | Aug 2018 | X | X | X | X | ||
3.0.0 | Jul 2018 | X |
...
In the event that we ship releases known to, or that we subsequently discover to, contain vulnerable libraries and do not have specific plans to immediately issue a patch with a newer version, we will document any known issues here, and our official position as to the lack of relevance of the issue to the software. It is not our aim to pass generic, context-free scanners that simply flag every issue. Automation is not a substitute for human judgement.
V3.4.1
Curl (last reviewed 2025-02-05)
CVE-2024-9681, CVE-2024-11053, CVE-2025-0725, CVE-2025-0167, CVE-2025-0665
The SP is not impacted by these issues.
OpenSSL on Windows (last reviewed 20242025-1002-1611)
CVE-2024-9143, CVE-2024-12797
The SP is not impacted by these issues.
CVE-2024-13176
Use of ECDSA is rare, but not unsupported, so this is potentially an issue but the risk is quite low. We will issue a patch to update the library with this fix at the next opportunity but are not prioritizing it.