| Tip |
|---|
This is the advisory page for Service Provider V3 releases. For older V2 SP advisories, refer to the V2 SecurityAdvisories page |
...
Version | EOL | User Data Exposure | Resource Exposure | Session Hijacking | Denial of Service | Remote Exploit | Advisories |
|---|---|---|---|---|---|---|---|
All | X | X | X | X | 2018-08-03, 2018-01-23, 2014-04-09, 2011-10-24 | ||
3.5.0 | |||||||
3.4.1 | Oct 2024 | ||||||
3.4.0 | Jan 2023 | ||||||
3.3.0 | Nov 2022 | ||||||
3.2.3 | Dec 2021 | ||||||
3.2.2 | Jul 2021 | 2021-06-22 | |||||
3.2.1 | Apr 2021 | X | 2021-04-26 | ||||
3.2.0 | Mar 2020 | X | 2020-03-17 | ||||
3.1.0 | Dec 2020 | X | 2020-08-31 | ||||
3.0.4 | Apr 2020 | X | |||||
3.0.3 | Mar 2019 | X | 2019-03-11 | ||||
3.0.2 | Dec 2018 | X | 2018-12-19a | ||||
3.0.1 | Aug 2018 | X | X | X | X | ||
3.0.0 | Jul 2018 | X |
...
V3.4.1
Curl (last reviewed 20242025-1102-0605)
CVE-2024-9681, CVE-2024-11053, CVE-2025-0725, CVE-2025-0167, CVE-2025-0665
The SP is not impacted by this issuethese issues.
OpenSSL on Windows (last reviewed 20242025-1002-1611)
CVE-2024-9143, CVE-2024-12797
The SP is not impacted by these issues.
CVE-2024-13176
Use of ECDSA is rare, but not unsupported, so this is potentially an issue but the risk is quite low. We will issue a patch to update the library with this fix at the next opportunity but are not prioritizing it.