COMPATIBILITY_INFORMATION

CDS-62029 Active content in library documentation may be used to execute hostile code
[[GENERAL]]
For more details see Advisory 2019-05, which is available on the CODESYS website:
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-05_CDS-
62029.pdf
JavaScript included in the library documentation is only executed anymore, if the library was
sigend with a valid certificate.

CDS-63096 Compiler, DevApp: Persistent variable configuration is lost after import

[[GENERAL]]
The new warning C0508 is reported when a local variable shadows a local method or action in a
POU.
Compilerversion >= 3.5.15.0

CDS-63576 Compiler: No compile issue if a action and a fb_instance has the same name
[[GENERAL]]
The new warning C0508 is reported when a local variable shadows a local method or action in a
POU.
Compilerversion >= 3.5.15.0

CDS-64543 WebVisu: Specific request crashes WebServer with an exception

[[GENERAL]]
For more details see Advisory 2019-01, which is available on the CODESYS website:
https://customers.CODESYS.com/fileadmin/data/customers/security/2019/Advisory2019-
01_CDS-64543.pdf

CDS-65020 BACnet: CmpBACnet - wrong declaration of

IEC_BACNET_STRING.UNION_BACNET_STRING.wstringData
[[COMPATIBILITY_INFORMATION]]
Fixed wrong declaration of BACNET_STRING.data.wstringData.
BACNET_STRING.data.wstringData is relevant for DBCS- and UCS-2 encoding, which are not
supported right now.
No matter of that, the problem needed to be fixed to prevent later API changes if those encodings
should be supported in the future.
Fixing BACNET_STRING results in API signature changes for
bacnetreinitializedevice
bacnetrestorebacnetdevice
bacnetlifesafetyoperation
bacnetconftextmessage
bacnetunconftextmessage
bacnetconfeventnotification
bacnetdevicecommcontrol
bacnetunconfeventnotification
bacnetihaveex
bacnetacknowledgealarm
bacnetfindupdateobjectidnamebindings
bacnetdeleteobjectidnamebindings
bacnetbackupbacnetdevice
bacnetdoesobjectnameexist
bacnetacknowledgeinternalalarm
bacnetwhohas
bacnetwritegroup

CDS-65993 BACnet: CmpBACnet - remove BACnetReadPropertyConditional

[[COMPATIBILITY_INFORMATION]]
ReadPropertyConditional has been removed from the standard so the according method
BACnetReadPropertyConditional was removed from CmpBACnet.

CDS-66215 Update SoftMotion to 4.5.1.0

[[GENERAL]]
CODESYS SoftMotion is updated to version 4.5.1.0

CDS-47439 SysFileWin32, SysFileOpen: It should be possible to specify a share mode when

opening a file
[[COMPATIBILITY_INFORMATION-EndUser]]
SysFileDelete() under Windows (Control Win and Control RTE) works now, if the file is still
opened!
In this case the file will be deleted really on the filesystem, if the last open handle is closed on the
file!

CDS-51688 Control Win: Disable usage of multiple instances on one hardware

[[COMPATIBILITY_INFORMATION-EndUser]]
License for CODESYS Control Win cannot be used anymore for several instances of the runtime!
So the license is only valid for one instance.

CDS-54035 CmpIoMgr: Avoid long locks in ReadInputs / WriteOutputs

[[COMPATIBILITY_INFORMATION-OEM]]
There is a new feature for IO-drivers to do the synchronization itself and not by the IoManager.
NOTE:
Exisiting IO-drivers worked like before! There is no change in the existing behavior!
To use this feature, an IO-driver can specify the following new property:
#define DRVPROP_NO_SYNC 0x0080
Two new interfaces in CmpIoMgrItf can be used afterwards to do own synchronization:
- IoMgrLockEnter()
- IoMgrLockLeave()
See IoMgrItf for details.

CDS-60925 CAAFile: issues with Exclusive mode of FILE.open

[[COMPATIBILITY_INFORMATION-EndUser]]
Parameter xExclusive in CAA_File.library::Open functionblock cannot be supported, because our
targets only support POSIX behaviour!
And here a file can be deleted or renamed during it is still opened. And a file can be opened
several times (for reading and writing).

CDS-64663 WebServer: Specific directory traversal access possible

[[GENERAL]]
For more details see Advisory 2019-01, which is available on the CODESYS website:
https://customers.CODESYS.com/fileadmin/data/customers/security/2019/Advisory2019-
01_CDS-64543.pdf

CDS-64867 CmpSettings: Not allowed character in SetStringValue

[[COMPATIBILITY_INFORMATION]]
Settings in the CODESYSControl.cfg File:
From now on "=" characters are allowed in the values of settings of the type string.
The first "=" character in a line is the delimiter between the key and the value.

CDS-65080 CmpOPCUAServer: Crash if invalid request is sent

[[GENERAL]]
For more details see Advisory 2019-07, which is available on the CODESYS website:
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-
65080.pdf

CDS-65149 CODESYS Control: Possible DoS vulnerability of communication servers

[[GENERAL]]
For more details see Advisory 2019-06, which is available on the CODESYS website:
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-06_CDS-
65149.pdf

CDS-65459 CmpEventMgr: Reentrant calls of the same callback from different task contexts not
possible
[[COMPATIBILITY_INFORMATION-EndUser]]
Callback functions registered for events are now called concurrently.
That means that if a callback function registered for an event is currently being executed and the
event is triggered again, then the callback function will be called again concurrently.
Therefore, the developer of a callback function is now responsible for making its implementation
reentrant.
In addition, the developer of a callback function is responsible for avoiding recursive triggering of
the event within its registered callback function.

CDS-65847 Incorrect permission inheritance for file system objects

[[GENERAL]]
For more details see Advisory 2019-04, which is available on the CODESYS website:
https://customers.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-04_CDS-
65847.pdf
Was already fixed by CDS-58163 for version V3.5.13.0 and now newly assessed.

CDS-66221 CmpLog: Support of logger timestamps in console and file in ISO8601 format
[[COMPATIBILITY_INFORMATION]]
The timestamp of the logger is now changed in the console windows and the logfiles to ISO8601
format:
Format: YYYY-MM-DDThh:mm:ss.mmmZ
- YYYY=year
- MM=month
- DD=day
- T=delimiter
- hh=hour
- mm=minutes
- ss=seconds
- mmm: milliseconds
- Z=zulu time / UTC

CDS-67157 WinCE: Huge Cycle Time deviation when calling LogAdd.

[[COMPATIBILITY_INFORMATION-EndUser]]
From Version 3.5 SP15, the Windows CE runtime system has changed its default behaviour
regarding logging.
Now logger messages are dumped (written to files) asychronouosly, in older versions they were
dumped immediately.
This behaviour can be overwritten through the CODESYSControl.cfg file option:
[CmpLog]
Logger.nnn.Type=0x2404 (the bit with value 0x0400 must be set for dumping immediately)
If possible, have a look at the logger options in the Windows CE runtime system configuration file
(CODESYSControl.cfg)
For normal production, systems should be configured with dumping asychronously, and the file
backend should also be deactivated.

CDS-63686 Visu, Meter: Element draws bigger than configured

[[GENERAL]]
Requires Visu-Profil >= 3.5.15.0
[[COMPATIBILITY_INFORMATION-EndUser]]
The size and location of the meter is slightly changed due to a bug in the painting of the element

CDS-64208 Gateway: Insufficent check of service header

[[GENERAL]]
For more details see Advisory 2019-03, which is available on the CODESYS website:
https://customers.CODESYS.com/fileadmin/data/customers/security/2019/Advisory2019-
03_CDS-64208.pdf

CDS-65123 Gateway: GatewaySession could be hijacked

[[GENERAL]]
For more details see Advisory 2019-02, which is available on the CODESYS website:
https://customers.CODESYS.com/fileadmin/data/customers/security/2019/Advisory2019-
02_CDS-65123.pdf

CDS-65124 Gateway: Channel number uses insufficiently random values

[[GENERAL]]
For more details see Advisory 2019-02, which is available on the CODESYS website:
https://customers.CODESYS.com/fileadmin/data/customers/security/2019/Advisory2019-
02_CDS-65123.pdf

CDS-21761 Linux CAA File: Renaming of files and directories is possible even though they are
still opened
[[COMPATIBILITY_INFORMATION]]
Contrary to the original CAA specification the renaming of files and directories is possible even if
they are opened!
This behavior is dependent of the underlying operating system and file system.

CDS-21762 Linux CAA File: Removing of files is possible even though they are still opened
[[COMPATIBILITY_INFORMATION]]
Contrary to the original CAA specification the deletion of files and directories is possible even if
they are opened!
This behavior is dependent of the underlying operating system and file system.