Abyss Web Server uses the OpenSSL library for its SSL layer. A vulnerability has been discovered in recent releases of OpenSSL which could allow a malicious client to read up to 64k of the server's memory. While this sounds scary in theory, in the context of Abyss Web Server, the revealed memory should not contain any sensitive information that the attacker could use.
https://www.openssl.org/news/secadv_20140407.txt
Who is concerned by this vulnerability?
If you are using Abyss Web Server version 2.8.0.x or 2.9.0.x, you are using a vulnerable version of OpenSSL.
If you do not have an HTTPS host, you are not using OpenSSL and you are not affected.
Solutions if you are concerned by the vulnerability
If you are using Abyss Web Server X1 (the free edition): You can immediately upgrade to the latest version of Abyss Web Server, 2.9.3.1, which is not affected. This version has not been officially announced, but its X1 edition is ready for use and contains a fixed OpenSSL module:
Windows:
http://www.aprelium.com/data/abwsx1-2-9-3-1.exe
Mac OS X:
http://www.aprelium.com/data/abwsx1-2-9-3-1.dmg
Linux:
http://www.aprelium.com/data/abwsx1-2-9-3-1.tgz
If you are using Abyss Web Server X2 (the professional edition) version 2.8.0.x or 2.9.0.x: The new version 2.9.3.1 will be ready within 48 hours and will be announced by email as usual.
Meanwhile, users of the Windows edition can upgrade their OpenSSL DLLs without changing Abyss Web Server. Please download the following ZIP file, and replace the files libeay32.dll and ssleay32.dll in the Abyss Web Server directory with the copies you'll find in the ZIP (be sure to get them from the right subdirectory: x86 for 32-bit Windows systems and x64 for 64-bit Windows systems):
http://www.aprelium.com/data/abyssws-openssl-101g.zip
Thank you for your understanding.
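To confirm that the DLL replacement described above took effect, the following added example (not part of the original announcement and not Aprelium's code) reads the OpenSSL version banner embedded in libeay32.dll and ssleay32.dll and flags releases 1.0.1 through 1.0.1f, the range the linked OpenSSL advisory lists as fixed by 1.0.1g. The function names, the sample byte strings and the directory argument are assumptions made for illustration, and only the 1.0.1 release line is classified.

```python
import re
import sys
from pathlib import Path

# OpenSSL libraries embed a banner such as b"OpenSSL 1.0.1f 6 Jan 2014".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) \d{1,2} [A-Z][a-z]{2} \d{4}")
DLLS = ("libeay32.dll", "ssleay32.dll")  # the two files the advisory says to replace
# Constructed sample bytes standing in for DLL contents (not real binaries).
SAMPLE_OLD = b"\x00SSLv3 part of OpenSSL 1.0.1f 6 Jan 2014\x00"
SAMPLE_NEW = b"\x00SSLv3 part of OpenSSL 1.0.1g 7 Apr 2014\x00"

def openssl_versions(blob: bytes) -> set:
    """Return the distinct OpenSSL release strings embedded in a binary."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(blob)}

def is_affected(version: str) -> bool:
    """True for 1.0.1 through 1.0.1f; False for 1.0.1g and later letters.

    Release lines other than 1.0.1 are not classified and return False.
    A 1.0.1 build compiled with -DOPENSSL_NO_HEARTBEATS shows the same
    banner without being exposed, so treat a hit as "needs review".
    """
    m = re.fullmatch(r"1\.0\.1([a-z]*)", version)
    return bool(m) and m.group(1) < "g"

def audit(directory) -> dict:
    """Map each OpenSSL DLL in `directory` to {version: affected?}."""
    report = {}
    for name in DLLS:
        path = Path(directory) / name
        if path.is_file():
            found = openssl_versions(path.read_bytes())
            report[name] = {v: is_affected(v) for v in sorted(found)}
        else:
            report[name] = None  # file missing: nothing to judge
    return report

if __name__ == "__main__":
    # Usage (directory is an assumption): python check_openssl.py <abyss-dir>
    result = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, versions in result.items():
        print(name, versions if versions is not None else "not found")
    bad = any(hit for v in result.values() if v for hit in v.values())
    sys.exit(1 if bad else 0)
```

Run it against the Abyss Web Server directory before and after swapping the DLLs; a non-zero exit status means at least one of the two files still reports a release older than 1.0.1g.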