Category
All
CVE-2024-55959 - Insecure permissions on private key file generated by the Mender Client
A customer recently notified us of a security issue in Mender. On some versions, mender-auth generates private key files with non-strict file permissions.
Challenges in complying with the EU Cyber Resilience Act (CRA)
Discover how manufacturers can achieve Cyber Resilience Act (CRA) compliance by tackling secure updates, SBOM management, and vulnerability tracking with robust OTA solutions.
An overview of EU Cyber Resilience Act (CRA) compliance
Learn how the EU Cyber Resilience Act (CRA) enforces stringent cybersecurity requirements for PDEs. Explore compliance essentials in part 1 of a 4-part series.
The scope of EU Cyber Resilience Act (CRA) compliance
Explore the scope of the EU Cyber Resilience Act (CRA). Learn about the CRA's scope, and why secure OTA updates are essential for compliance.
Proactive strategies to overcome EU CRA compliance challenges
Discover proactive strategies to navigate EU Cyber Resilience Act (CRA) compliance. Learn how to ensure long-term success.
Mender versioning: New releases by component
Explore Mender's shift to independent component releases and versioning, designed to enhance update speed and user clarity.
Driving secure innovation: ISO/SAE 21434 & UNECE compliance
ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server
Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups
A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.