Received the IN-119 notice, and it says:
All users are recommended to use the latest release of BLE protocol stack software for product development. All BLE protocol stacks from Nordic Semiconductor released after July 2016 are not affected by this vulnerability.
Could someone clarify which versions are acceptable, instead of going by date? It looks like SDK 12.2 might be covered, so everything after that should be unaffected?
Could someone clarify which versions are acceptable, instead of going by date?
If you take look at the Informational Notice of Security Vulnerability (IN-119). The affected versions is listed on the top right. "Product version information: All versions of S110, S120 and S130 S132 v2.0.0"
It looks like SDK 12.2 might be covered, so everything after that should be unaffected?
It's not the SDK itself that is affected by this, but certain versions of the Softdevice (ref. IN-119). Using SDK v.12.2.0 with Softdevice S132 v.3.0.0 (which is listed as the supported S132 Softdevice) will not be affected by this.
Best regards, Joakim
Does S130 v2.0.1 acceptable?
Yes, as I said the affected versions is listed in the Notice of Security Vulnerability IN-119.
Is Application definitely affected when using the corresponding soft device?
The following is not in the source code and I didn't know if my application was corresponding.・READ_BY_TYPE_REQUEST・READ_BY_GROUP_TYPE_REQUEST