Dyalog and Security-related Vulnerabilities

Last updated 07 April 2022

 

We occasionally receive enquiries as to the susceptibility of Dyalog, or applications implemented in Dyalog, to security‑related vulnerabilities. This page lists vulnerabilities that we have either responded to or been asked to comment on.

GnuTLS

Our secure TCP layer, known as Conga, uses GnuTLS to implement secure communications. We monitor security bulletins related to GnuTLS, and re-compile and make new versions of Conga available as required.

CVE-2014-0092: On all platforms, Conga v2.4 and earlier are exposed to the security bug described in CVE-2014-0092. This affects the use of Conga with secure communications (SSL and TLS) only. Conga v2.5 was recompiled in March 2014 against GnuTLS 3.2.12, which contains a fix for this issue.

Java

Dyalog is not vulnerable to any Java-related security issues: No part of Java is required or included with Dyalog itself. Examples of recent vulnerabilities are:

Dyalog uses the Jenkins automation server internally to schedule jobs that build Dyalog. Our use of Jenkins relies only on the Java runtime engine.