Komodia Security Bulletin
Date: February [25th], 2015

Komodia takes all security vulnerabilities very seriously. Komodia is pleased to present an updated version of its SDK that includes the following updates:

1. The updated version of the Komodia SDK creates a unique root certificate on each device. The password for each certificate is randomly generated.

2. The Komodia SDK removes alt subject field when the certificate validation fails.

3. The Komodia SDK uses the Online Certificate Status Protocol to check the revocation status of certificates.

4. The list of cipher suites supported by the Komodia SDK has been updated.

5. The updated Komodia SDK will delete earlier root certificates containing identified security vulnerabilities from the computer. Please note that the updated Komodia SDK will delete only the root certificate of the client it belongs to.

6. Information concerning a number of certain, specific root certificates that have been shown to be compromised has been preloaded in the Komodia SDK, and the Komodia SDK will not accept such specific certificates as valid.

Komodia acknowledges the efforts invested by individuals in the security community that have helped Komodia protect its customers and end users by discovering security vulnerabilities.

Nothing in this security bulletin shall be interpreted as providing any warranty on behalf of Komodia. Any warranties provided by Komodia must be set forth in a written license agreement between Komodia and the applicable third party. As such, all information in this Komodia Security Bulletin is provided “as is.”