OpenSSL heartbleed

boris

Does the OpenSSL heartbleed bug affect Abyss ?

admin

boris wrote
Does the OpenSSL heartbleed bug affect Abyss ?

Please check our official position regarding that issue http://www.aprelium.com/forum/viewtopic.php?t=355665 (published this morning.)

Paul123

admin wrote

boris wrote
Does the OpenSSL heartbleed bug affect Abyss ?

Please check our official position regarding that issue http://www.aprelium.com/forum/viewtopic.php?t=355665 (published this morning.)

X2 now patched with updated dlls. Thanks support.
For anyone interested in checking "other" web servers, I have tried a few heartbleed validation websites and https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
seems to be reliable at detection.

boris

the PHP pre-configured packages you have available contain OpenSSL 1.0.1f (the vulnerable versions), not the 1.0.1g
I realize PHP has not released a new version of PHP, but your pre-configured packages should probably be rebuilt ? :)

admin

boris wrote
the PHP pre-configured packages you have available contain OpenSSL 1.0.1f (the vulnerable versions), not the 1.0.1g
I realize PHP has not released a new version of PHP, but your pre-configured packages should probably be rebuilt ? :)

Replacing the OpenSSL DLLs with those in the package linked to above is the way to go. Please note also that unless you're writing a server software with PHP (in which case you're not doing simple PHP Web scripting), you won't have any issue with that language. Heartbleed is bug with a limited scope and it doesn't include general PHP scripting.

admin

Abyss Web Server 2.9.3 has just been released. Users of previous version should upgrade as soon as possible to fix the Heartbleed issue.
http://www.aprelium.com/news/abws293.html