Safety vulnerability ID: 52070
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Xknx 2.0.0 updates its dependency 'cryptography' to v38.0.3 to include security fixes.
Latest version: 3.4.0
An Asynchronous Library for the KNX protocol. Documentation: https://xknx.io/
Interface changes
- Removed `own_address` from `XKNX` class. `ConnectionConfig` `individual_address` can be used to set a source address for routing instead.
  If set for a secure tunnelling connection, a tunnel with this IA will be read from the knxkeys file.
- Disable TelegramQueue rate limiting by default.
- Separate discovery multicast group from routing group. Add `multicast_group` and `multicast_port` `ConnectionConfig` parameters.
Connection and Discovery
- Use manually configured IP secure tunnel password over loading it from keyring.
- GatewayScanFilter now also matches secure-enabled gateways by default. The `secure` argument has been replaced by `secure_tunnelling` and `secure_routing` arguments. When multiple methods are `True`, a gateway is matched if one of them is supported. Non-secure methods don't match if secure is required for that gateway.
- Self description queries more information from Core v2 devices via SearchRequestExtended.
Features
- Add support for Python 3.11
- Add methods to Keyring to get interfaces by individual address (host or tunnel).
Internal
- Remove `InterfaceWithUserIdNotFound` and `InvalidSignature` errors in favor of `InvalidSecureConfiguration`.
- Keyring: rename `load_key_ring` to `load_keyring` and make it a coroutine.
Management
- Fix APCI service parsing for 10bit control fields.
- Set reasonable default count values for APCI classes.
- Set xknx.current_address for routing connections so management frames received over Routing are handled properly.
- Fix wrong length of AuthorizeRequest.
- Raise sane error messages in Management.
Bugfixes
- No mutable default arguments. Fixes unexpected behaviour like GatewayScanner not finding all interfaces.