New packages for Melodic 2021-09-27

We’re happy to announce the next update of ROS Melodic. There are 3 new packages as well as 87 updated packages.

Besides the normal package updates, this update also includes a fix for CVE-2021-37146 in ros_comm. In versions of ros_comm up to and including version 1.4.11, a malformed XMLRPC request would cause roscore to spend an excessive amount of time processing the request, leading to a potential denial-of-service with repeated requests. A fix to make the XMLRPC server in roscore reject malformed requests was merged in PR, and released in ros_comm version 1.14.12 (part of this sync). We rate the impact of this vulnerability as low; an attacker with access to roscore could do various other things to cause a denial-of-service attack or worse. To our knowledge this vulnerability was never seen in the wild. This issue was initially reported by Junfeng Yang from Didi Research America, LLC.​

Full details of the sync are below.

Package Updates for melodic

Added Packages [3]:

Updated Packages [87]:

Removed Packages [3]:

Thanks to all ROS maintainers who make packages available to the ROS community. The above list of packages was made possible by the work of the following maintainers:

  • Alexander Gutenkunst
  • Atsushi Watanabe
  • Augusto
  • Austin Hendrix
  • Davide Faconti
  • Evan Flynn
  • Felix Exner
  • Felix Ruess
  • Franka Emika GmbH
  • Guilhem Saurel
  • Guilhem saurel
  • Isaac I.Y. Saito
  • Jacob Perron
  • Justin Carpentier
  • Lars Berscheid
  • Martin Günther
  • Martin Pecka
  • Max Krogius
  • Monika Florek-Jasinska
  • Nick Walker
  • Paul Bovbel
  • Praveen Palanisamy
  • Robert Haschke
  • Ross Taylor
  • SBG Systems
  • Stefan Scherzinger
  • Vladimir Ermakov
  • William Woodall
  • niels

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.