RELEASED: Public: 2021-11-04
Security fixes
- Non-constant time checking was performed for the controller CasC bundle access token (BEE-8344)
-
The CasC bundle access token that is used to authenticate the request between the controller and the operations center server was checked in non-constant time, resulting in a potential security vulnerability.
This issue has been resolved. The controller CasC bundle access token is now checked using a constant time comparison.