COMPATIBILITY_INFORMATION

CDS-76817 CLONE - VxWorks: Implement SysSockGetFirstAdapterInfo to support gateway address

[[GENERAL]]
Ethernet Adapters may have several default routes. Only first route is displayed.
Functionality to read route information of an Ethernet adapter is only supported for VxWorks7 and greater
versions.

CDS-76146 CLONE - WebServer: The server should not return the content of all files
[[GENERAL]]
For more details see Advisory 2021-11, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=16803&token=0b8edf9276dc39ee52f43026c415c5b38085d90a&download=

CDS-77259 CLONE - Gateway: DOS due to null pointer dereference

[[GENERAL]]
For more details see Advisory 2021-12, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=

CDS-77137 CLONE - VxWorks: OPCUA port 4840 down on max. concurrent connection scan
[[GENERAL]]
For more details see Advisory 2021-10, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14806&token=637e12e86301b83beac1653bd88da3aa5aa3f51b&download=

CDS-77136 CLONE - Web server crashes when subjected to HTTP header memory exhaustion attack
[[GENERAL]]
For more details see Advisory 2021-09, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=

CDS-77562 CLONE - BinaryFormatter: Vulnerability caused by deserialization of untrusted

"MissingTypes" data
[[GENERAL]]
For more details see Advisory 2021-13, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=

CDS-77561 CLONE - BinaryFormatter: Vulnerability caused by deserialization of untrusted culture

settings
[[GENERAL]]
For more details see Advisory 2021-13, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=

CDS-77178 CLONE - AccessDenied exceptions during setup or CODESYS startup

[[GENERAL]]
ShadowCopy was deactivated for the executables CODESYS, PackageManager, PackageManagerCLI
and IPMCLI
Every call to one of this executables will result in a selfcall to the same executable, in which the called
function is executed. In the wrapping call all files which need to be copied are copied after the inner call
finished execution. If an error occurs during the copy operations a rollback is performed. If this rollback is
not possible or fails, the installation will be marked as corrupted and a reinstall will be required.

[[COMPATIBILITY_INFORMATION-OEM]]
Having removed the .Net Shadow Copy mechnism may lead to access denied exceptions within OEM
code trying to overwrite assemblies that are currently loaded. This may occur with OEM plugins running in
a standard CODESYS executable during installation of plugins or packages via Autmation Platform API.
Not affected are custom OEM executables still having .Net Shadow Copy active and installations via
PackageManager or IPM executables.

CDS-71069 Library Manager: Documents or files are displayed or executed without first checking their
validity
[[GENERAL]]
For more details see Advisory 2021-03, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14639&token=fa836f8bd4a2184aa9323a639ca9f2aaf1538412&download=

CDS-40084 Packages: Introduce signatures

[[GENERAL]]
For more details see Advisory 2021-02, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14636&token=1ce7e6e4cbe4651989ede418450d7c82e972bdf2&download=

CDS-68721 Compiler: Special initialization construct with Property of REFERENCE TO ARRAY OF

<interface> and THIS^ pointer may not lead to expected result
[[GENERAL]]
The problem exactly occured in the following situation:
a function block instance is assigned to a property of reference to array of interface type:

x.RefToArrayOfITF[0] := inst;

in this case, the pointer assigned to the array is corrupted and a call results in a crash.
Fixed with Compiler Version >= 3.5.17.0

CDS-72724 J1939: Database violates terms of use!

[[COMPATIBILITY_INFORMATION]]
With CODESYS 3.5.17.0 and higher the J1939 configurator does not contain the deprecated
parametergroup/signal database anymore.
Now it is possible to install a new updated parametergroup/signal database via a DBC file in the J1939
Manager editor.
An up to date J1939 DBC database can be purchased from CSS Electronics:
https://www.csselectronics.com/screen/product/j1939-dbc-file-pgn-spn
You can use the 5% discount code: J1939DBC_CODESYS

CDS-71157 Build Commands: Remove Build and Rebuild commands from menu by default
[[GENERAL]]
The build menu for a project now contains only 3 commands
- Generate Code (F11)
- Clean
- Clean All
The icon that was used for build is now used for generate code. The short cut F11 and the tool bar button
now invokes generate code. The old build command can be customized, if necessary.
Removed from the build menu are:
- Build
- Rebuild
- Generate runtime system files (m4 export)
The build menu for a library has changed, too:
Generate runtime system files is now only available for a library. Check all pool objects now uses the
same short cut F11 and the same icon and the same tool bar button as the generate code command.
A new command
Generate Code for Active Application is available in libraries in case that the library contains an application
in order to build this application. No short cut and no tool bar button is available for this command.

CDS-72734 CodeMeter: Update to current version 7.10a

[[GENERAL]]
For more details see Advisory 2020-06, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=13245&token=12e702eb28edb2de082dc2f5e1375bea35c2fd1d&download=

CDS-71574 CodeMeter: Update to current version 7.00b

[[GENERAL]]
For more details see Advisory 2020-06, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=13245&token=12e702eb28edb2de082dc2f5e1375bea35c2fd1d&download=

CDS-70909 Compiler: Move Parsetree duplication to later phase

[[GENERAL]]
More phases of the compile process are now done in parallel in several threads. This increases speed
and lowers the peak in memory consumption during the compile process, because a lot of data is now
only created temporary. To achieve this, it was necessary to restructure the compile process largely.
This could have an effect on AP-Plugins that directly intervene in the process, especially for
instrumentation of existing code.
If, for example, a plugin reacts on OnAfterCompile with introducing additional statements in compiled
POUs, this will no longer work by simply manipulating the ParseTree of a CompiledPOU.
In order to get a ParseTree that can be manipulated a new Method is introduced:
sequence = (comcon as
ICompiledApplicationSetForInstrumentation).CreateParseTreeOfPOUForInstrumentation(cpou);
This will only work during compile! The function should only be used on selective POUs, since it destroys
the positive effect on memory consumption an compile time of the rework.

CDS-73957 CODESYS SoftMotion WinV3 / RTE V3: add deprecation warning to description of device
description.
[[COMPATIBILITY_INFORMATION-EndUser]]
New versions of the Windows-based soft PLC can now run Soft Motion applications, so the old special
Soft Motion Controllers are no longer needed. The Windows Soft Motion device descriptions may not be
updated in future service packs. Use the CODESYS Control devices instead of the CODESYS for new
applications and consider updating existing applications to the new PLC device descriptions.

CDS-58839 ResetOriginDevice: Should be configurable

[[COMPATIBILITY_INFORMATION]]
The reset origin device can now be configured to keep dedicated objects during the reset. If the reset
origin device is triggered by an old client (e.g. a CODESYS IDE <= V3.5.16.0) all objects for which the
current user has the needed rights will be deleted.
This behaviour does already apply for the UserManagement since V3.5.12.0 (only if an administrator
executes the reset origin device, the user management is deleted) and is now extended for all new options
(e.g. certificates).

CDS-72923 CODESYS Control for Linux (and ARM) SL: update wibu codemeter package to 7.10a
[[GENERAL]]
For more details see Advisory 2020-06, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=13245&token=12e702eb28edb2de082dc2f5e1375bea35c2fd1d&download=

CDS-71310 CmpRouter/CmpRouterEmbedded: Crafted packet may cause a DoS

[[GENERAL]]
For more details see Advisory 2020-02, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=13077&token=3bfc6d1d08415a6260b96093520071f5786e7fd4&download=

CDS-73742 CODESYS Control: Enable online user management by default

[[GENERAL]]
The user management on the device is now enforced by default. No login to the runtime is possible any
longer without activating the user management.
Activating the user management can be done by connecting with a CODESYS IDE (version must be at
least V3.5 SP16). During the first connect, the user is allowed to configure an administrator user with own
credentials.

For more details see Advisory 2019-08, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=12943&token=d097958a67ba382de688916f77e3013c0802fade&download=

CDS-67954 Router: Prevent broadcasts as receiver address

[[GENERAL]]
For more details see Advisory 2021-01, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14640&token=623b6fceb0579ef0f7505e29beefa5b3f8ac7873&download=

CDS-66960 CmpFileTransfer/CmpUserMgr: Many files in FilePath might lead to longer bootup times
[[COMPATIBILITY_INFORMATION]]
[CmpFileTransfer]
; If UserManager is part of the runtime FileTransfer supplies the UserManager with a directory tree at
startup.
; There are two optional settings to limit the directory tree for UserRightsManagement (Access Rights):
;UserMgrDirLevel=0
; means that "/" is listed in UserRightsManagement but not parsed further (i.e no other entries)
;UserMgrDirLevel=1
; means that "/Dir1" is listed but not parsed further (i.e entries of "/" only)
;UserMgrDirLevel=2
; (default) means that "/Dir1/Dir2" is listed but not parsed further (i.e entries of "/" and entries of "/Dir1")
;UserMgrDirLevel=-1
; means no limit, may slow down startup of PLC
UserMgrDirEndpoint=$SDCard$
; means that placeholder $SDCard$ is listed but not the entries of $SDCard$
UserMgrDirEndpoint.1=systemfiles
; means that directory entry "systemfiles" is listed but not the entries of "systemfiles"

CDS-63463 Freewheeling Task : Implicit cycle time and setting of load/sleep duration
[[COMPATIBILITY_INFORMATION-EndUser]]
- Short running freewheeling tasks have a minimal sleep time of 1ms and so the CPU load is below 50%
- Several running freewheeling tasks consume now in sum only the have of the processorload percentage
(maximum 50%)!

CDS-73745 Simulation: deactivate user management and external access

[[COMPATIBILITY_INFORMATION]]
For security reasons, the Simulation runtime within the CODEYS Development System no longer allows
communication with the CmpBlkDrvTcp by default. The following setting in SimulationRts.cfg enables the
access to the simulation from other local processes via CmpBlkDrvTcp again. We strongly recommend
keeping the default value, if no specific clients need to communicate to the Simulation runtime system.
[CmpBlkDrvTcp]
EnableServer=1

CDS-71196 SysTimeRtcVxworks.c : Update of VxWorks TimeZone Information when 3S Timezone is

set/changed
[[GENERAL]]
The VxWorks environment variable TIMEZONE will be set/updated:
1) in initialization phase (either default values or retrieved setting values from <CODESYSControl.cfg> file
-> section [SysTimeRtc]
2) when calling the function : SysTimeRtcSetTimezone( ) from IEC or C.

CDS-71999 CODESYS Control VxWorks fails to start, if "FilePath" directory does not exist
[[GENERAL]]
Issue is implicitly solved with CDS-40468 "CmpSettings: It should be possible to add a new setting, even if
the section is located in the readonly ini-file" (V3.5.16.0)

CDS-71179 VisuServer: Possible uncontrolled memory allocation

[[GENERAL]]
For more details see Advisory 2020-05, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=13199&token=3e283c3e73fed61f7c181a7fa1169477efaf0c58&download=

CDS-75011 Gateway: DOS due to Access Violation

[[GENERAL]]
For more details see Advisory 2021-04, which is available on the CODESYS website:
https://customers.codesys.com/index.php?
eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=

CDS-72827 J1939: Big endian signals are wrong implemented.

[[COMPATIBILITY_INFORMATION]]
Bit/Byte position for Big Endian systems were interpreted wrong in previous CODESYS versions. Start
position always has to be the least significant bit!
If you have existing projects with big endian signals you have to modify the bit positions accordingly when
using the new J1939 stack.

CDS-71350 Net Base Services : Mechanism for TCP_Client to retry SYN at defined intervals
[[GENERAL]]
In order to recognize the establishment of a connection securely (system independent), it is necessary to
send and receive data. This process is inherently application-specific. For this reason, a new attempt to
establish a connection cannot be included generically in the library.

CDS-71910 IecVarAccess: IecVarAccGetTypeNode3 returns unexpected TypeNode for ARRAY element

behind REFERENCE
[[COMPATIBILITY_INFORMATION-EndUser]]
The API's IecVarAccGetTypeNode3 (C) and VarAccGetTypeNode3 (IEC) will now return always the
effective type node. References are now resolved completely by this function. You will not get a type node
of a reference anymore.