Security Updates

The team at SourcePro by Perforce is committed to the highest possible standard of security in our C++ Libraries. Which is why we are continually updating our libraries to mitigate security risks and provide a world class C++ development platform for customers. Upgrade to the latest version of SourcePro and view the previous security updates below. 

UpdateDescriptionFixed
OpenSSL Critical Vulnerability Fix
The version of OpenSSL shipped by default with SourcePro 2022.1 contained the vulnerability "CVE-2022-3786".  This vulnerability allows for a buffer overrun to be triggered in X.509 certificate verification.SourcePro 2022.1.1
Potential Integer Overflow
A potential integer overflow was identified through static analysis in RWStandardCString::toLower.SourcePro 2022.1
Potential Buffer Overflow
Potential buffer overflow error when constructing or assigning to an RWBasicUString from an RWUChar16 array.SourcePro 2020
Improved Security Protocol
Added support for TLSv1.3SourcePro 2018.1
Thread Safety
Multi-threaded network code calls non-reentrant functions on Solaris platforms.  Getservbyname and gethostbyname both affected in multi-threaded builds.SourcePro 2016.3
Improved Security Options
A new RWSecureSocketContext constructor was added to allow fine-grained control over the allowed TLS protocol versions.SourcePro 2016.3
Invalid Memory Read
Fixed invalid memory read when comparing RWBasicUString against a NULL terminated RWUChar16 array.SourcePro 2016.2
Improved Security Standards
All SourcePro modules now conform to the latest security standards CWE, CERT, OWASP, DISA STIG, and MISRA, and were tested with Klocwork Insight 10 analysis rules related to these standards.SourcePro 13
Improved Security Protocol
FTPS Package:  This new package provides FTP support over secure connections.SourcePro 12.5

Upgrade to the Latest SourcePro Version

Upgrade to the latest SourcePro version for the best of security in C++ Libraries.