Recommended Update to Version 08.0.01
It is highly recommended that you update your Industrial HiVision Software to this version. In version 08.0.00, the path to the HiVisionMasterService is vulnerable to an attack.
JAVA version in version 08.0.01
The JAVA version used in this release is OpenJDK 8u222.
Security Vulnerability Corrected in version 08.0.01
Regarding the Java vulnerability CVE 2018-3149, for Java SE 8u191; Vulnerability in Java JNDI component used by different APIs like LDAP, DNS or Corba. It is a difficult to exploit vulnerability which allows an unauthenticated attacker with network access via multiple protocols to compromise this JNDI component of Java SE. The JRE has been updated to OpenJDK 8u222 in this version. The vulnerability has been corrected in this release.
Regarding the Java vulnerability CVE-2018-14718, for FasterXML jackson-databind 2.x; Versions before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic de-serialization. The jackson-databind version has been updated to 2.9.9. The vulnerability has been corrected in this release.
The 'Putty' version (0.60) with a security risk was used as a built-in client. The 'Putty' client was updated to the latest version 0.71. The vulnerability has been corrected in this release.
Issues fixed in version 08.0.01
You can find the problems, workarounds and fixes related to this release in the issue list.
New features in version 08.0.01
Additions to the manual in version 08.0.01
When adding text in the Preference> Basics> Event Actions> Alarms> New Entry> Message field, certain words are prohibited. The reserved words are prohibited in English and German only.
The reserved words are contained in the following list: