From: Michael Gernoth Date: Sun, 9 Aug 2015 18:50:25 +0000 (+0200) Subject: README: add security information for older versions X-Git-Tag: v0.102~23 X-Git-Url: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/hmcfgusb/commitdiff_plain/fe6f87a97b74a94fae97694038daae60f2b5f3dd?ds=sidebyside README: add security information for older versions --- diff --git a/README.md b/README.md index f0ccc78..a658d7f 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,14 @@ hmland without this switch. It was the hardcoded default in versions This incompatibility is needed so connecting software is able to differentiate between HM-CFG-LAN and HM-CFG-USB. +**Important security information:** +Versions before 0.101 do not correctly transmit the AES channel-mask +to the HM-CFG-USB, which results in signature-requests not being generated +by the device in most cases. This can lead to processing of unsigned messages +by the host-software. If you are relying on authenticated messages +(with e.g. aesCommReq in Fhem) from devices like door-sensors and remotes, +you should upgrade to at least version 0.101. + [releases-directory]: https://git.zerfleddert.de/hmcfgusb/releases/ [hmcfgusb-HEAD-xxxxxxx.tar.gz]: https://git.zerfleddert.de/cgi-bin/gitweb.cgi/hmcfgusb/snapshot/HEAD.tar.gz [Homegear]: https://www.homegear.eu/