SNMP4J-CLT CHANGES ================== [2023-03-29] Version 3.4.5: * Updated: SNMP4J to 3.7.7 with several fixes on TLS communication where several SNMP packets are sent within a single TLS message and close PDU is received just before handshake is finished. [2022-11-14] Version 3.4.4: * Improved: TableEvent instances for rows fully received by the agent, but last column is not returned by the agent (i.e., a sparse table with missing last column) are now returned immediately, if TableUtils detect, that the last column is empty. Before, all rows were cached until the whole table was fully retrieved in this case. * Added: -Otmr option to limit the total rows returned by table command. Default is "no limit" (0) as before. [2022-06-21] Version 3.4.3: * Fixed: Possible busy loop on writable key if outAppBuffer is there for a socket entry (= remote address) but contains no data to be sent. * Fixed: Concurrent reconnect (TCP,TLS) to use existing connect instead of always replacing it by new connection. * Improved: Snmp.PendingRequest.run() will no longer rethrow RuntimeExceptions and Errors occurring while processing retries to make retry handling resilient against exceptions thrown in ResponseListener.onResponse() implementations. * Fixed: TLS session not closed if inbound is done by TLS 1.3 remote (i.e., because of a TLS version mismatch). [2022-05-13] Version 3.4.2: * Fixed: TLS session not closed if inbound is done by TLS 1.3 remote (i.e., because of a TLS version mismatch). [2022-03-22] Version 3.4.1: * Improved: TLS handshaking "key is writable" looping when waiting for agent handshake response is now suppressed. [2022-03-18] Version 3.4.0: * Added: "xml" command to dump MIB modules to an output directory in XML format. * Added: TLS contextEngineID discovery cache to avoid rediscovery of context engine IDs for an address using RFC 5343 mechanism as long as the TLS connection to that address remains open. * Fixed [SFJ-245]: Possible Deadlock in Snmp.PendingRequest.resendRequest on behalf of (D)TLS context engine ID discovery. * Fixed: Concurrent modification Exception when iterating over results of walk when agent returns noSuchName error status on SNMPv1 request. * Improved: Invalid as signed encoded 9 byte 64bit unsigned integer 64bit values will not be decoded by BER.decodeUnsignedInt64 anymore. Instead, invalid length exception is thrown. * Fixed: Possible busy looping for ready read and write keys in TLSTM caused by half-closed TLS connections and Java runtimes that report NEED_WRAP status from SSLEngine instead of FINISHED after processing CLOSED TLS warnings (i.e., after half-closing the connection). * Fixed: Possible write key busy looping in TLSTM caused when NEED_TASK is returned by SSLEngine.wrap on writing a queued message. * Fixed: Bug in DTLSTM.HandshakeTask.run() which caused DTLSTM handshake not to finish within timeout causing connect to fail or to be slow. [2021-11-20] Version 3.3.0: * Fixed SFJ-244: Removed secret information (keys and passwords) from any log output. To reactivate output use SNMP4JSettings.setSecretLoggingEnabled(true). * Added: Default non-printable character option -Oesc . * Fixed: Re-added MD5 and SHA support. * Updated SNMP4J to v3.6.1. * Added [SFJ-243]: Add OSCP/CRL X500 certificate revocation checking support to SNMP4J (D)TLS. Use System.setProperty("com.sun.net.ssl.checkRevocation", "true"); Security.setProperty("ocsp.enable", "true"); to activate OSCP and use TLSTM.setX09CertificateRevocationListURI(..) to activate CRL checking. * Added: Support for SHA384 and 512 to TLSTMUtil.getFingerprint(X509Certificate cert). * Fixed [SFJ-236]: TableUtils could enter endless loop if agent returns rows not within lexicographic order and looping row hits first row in row cache. That could happen only if the agent returns a row again, that was returned already before. * Fixed: Possible endless wait in TreeUtils.walk and .getSubtree if exception occurs before actually sending the first SNMP request. [2020-05-25] Version 3.2.0: * Fixed [SFJ-228]: Added PBKDF2 derivation of shared private key (z) to USM authentication and privacy key in the usmDHKickstartRun command. Used dhParameters are now stored in the DH private key properties file too. * Updated SNMP4J to v3.4.1. [2020-04-28] Version 3.1.3: * Fixed [SFJ-226]: usmDHKey produces wrong privacy key length if authentication protocol uses different key length than the privacy protocol. * Updated SNMP4J to v3.4.0. [2019-08-15] Version 3.1.2: * Updated SNMP4J to 3.3.1 to fix TLS certificate validation. [2019-06-22] Version 3.1.1: * Updated SNMP4J to 3.2.1 to fix timeout handling regression in SNMP4J-CLT 3.1.0. [2019-05-31] Version 3.1.0: * Updated SNMP4J to 3.2.0: Improved TLS/DTLS support. Added support for TLSv1.3 and (D)TLS trap receiving. * Added: Time stamp to packet sent/received messages. * Fixed: Added output for received traps/notifications/informs. [2018-11-24] Version 3.0.3: * Updated SNMP4J to 3.0.6 * Fixed [SFJ-189]: Race condition in ThreadPool which could block task execution. * Fixed [SFJ-190]: DefaultUdpTransportMapping throws exception and blocks ListenThread shutdown on incoming packet after shutdown. * Fixed [SFJ-191]: TLSTM does not reassemble TLS fragments sent as more than one TCP packet correctly (i.e. SSLEngine BUFFER_UNDERFLOW not handled correctly) * Fixed [SFJ-192]: TLSTM is not able to parse fragmented TLS packets if two or more fragments are received in one TCP packet. [2018-10-23] Version 3.0.2: * Updated SNMP4J to 3.0.5 * Fixed [SFJ-186]: Regression: TLS message sending was broken in version SNMP4J-CLT 3.0.0 to 3.0.1. * Fixed [SFJ-182]: TLSTM does not send/receive SNMP messages longer than 16379 bytes. [2018-10-15] Version 3.0.1: * Updated SNMP4J to 3.0.4 * Fixed [SFJ-180]: Possible NullPointerExceptions in TLSTM connect (socketCleaner) and close. * Improved: DTLS/TLS debug logging. [2018-10-10] Version 3.0.0: * Updated: SNMP4J to 3.0.2. * Added: Diffie Hellman key exchange support with the new commands usmDHKey, usmDHKickstartInit, and usmDHKickstartRun. * Added: DTLS support with the new target address type 'dtls' which operates similar to TLS but uses a new option 'dtls-version' to control the DTLS version used (default is 1.2). * Changed: SNMP4J-CLT 3.x requires Java runtime 9.0.4 or later. * Improved: Replaced Java logging with SNMP4J's console logger which simplifies log setup. [2017-03-06] Version 2.1.0: * Updated: SNMP4J to 2.5.6. * Added: Units are appended to dump when defined in corresponding OBJECT-TYPE definition of the OID. * Added [SFJ-112]: Added SHA-2 (SHA-224,-256,-384,-512) support to USM as defined by RFC 7630. * Fixed [SFJ-116]: Improve performance for browsing sparse tables. * Added: Error checking for negative ranges for unsigned numeric values. [2014-01-10] Version 2.0.0: * Added: TLS 1.0, 1.1, and 1.2 support. * Updated: SNMP4J to 2.2.3. * Added: New OID formats: (1) numeric dotted string, (2) last name + numeric index/suffix, (3) last name + formatted index, (4) last name + formatted and escaped index with string quotation. * Added: Option -rsl to control accepted security level for REPORT processing. * Added: PIB module parsing support in the MIB compiler. [2010-06-17] Version 1.2.1: * Updated: SNMP4J to 1.11.1 (and thus improved CPU usage for TCP transport mapping). [2010-03-22] Version 1.2.0: * Added: Directory and ZIP file compilation support for the "mib add" sub-command. * Fixed: False warning about empty MIB repository. * Added: mib list command to list modules in a repository. [2010-02-23] Version 1.1.3: * Updated: SNMP4J to 1.11 (and thus improved TCP transport mapping) [2010-01-07] Version 1.1.2: * Fixed: Added -p option to dump SNMP packet sent or received as hex string. [2009-12-16] Version 1.1.1: * Fixed: ClassCastException when using option -t to set timeout. [2009-10-23] Version 1.1.0: * Added: Commands usmUser and usmKey to manage SNMPv3 users and their passphrases. * Improved: Error messages for USM and MPv3 errors. * Fixed: An explicit type identifier in curled braces does not need to be specified any longer if MIB information is available for an OBJECT TYPE. [2009-07-24] Version 1.0.1: * Fixed: Option without parameter could not be saved as default option. * Fixed: Version output. [2009-07-21] Version 1.0.0: * Initial release.