MessageWay Proxy Server Maintenance Release

Progress Software Corp.
www.progress.com
1-678-287-0700

MessageWay SFTP Proxy Server Maintenance Release

Maintenance Release Name: mwproxy-6.1.0-mr07-linux

Release date: January 5, 2021

Prerequisites: MessageWay SFTP Proxy Server 6.1.0 and MessageWay 6.1.0 mr09

Obsoletes Maintenance Releases (formerly called Hotfixes): All previous MessageWay Proxy Server 6.1.0 Hotfixes

Files:
This Maintenance Release contains the files listed below:

Files changed in this Maintenance Release mwproxy-6.1.0-mr07-linux:

libcrypto.so.1.0.0	OpenSSL crypto library
mwproxy-6.1.0-mr07-linux_readme.html	This Readme file

Files changed in previous Hotfixes and rolled into this Maintenance Release:

install.sh Proxy Installer

Installing the MessageWay SFTP Proxy Server Maintenance Release:

1) Download the Maintenance Release install package sent by Progress and unzip.
2) Logon to the perimeter server as "root".
3) Locate the Maintenance Release tarball (mwproxy-6.1.0-mr07-linux.tgz) in the Maintenance Release install package (...\servers_mrs\linux\) and copy to the perimeter server.
4) Untar the Maintenance Release tarball: tar -xzvf mwproxy-6.1.0-mr07-linux.tgz
5) Step 4 will automatically create a new subdirectory named mwproxy-6.1.0-mr07-linux.
6) Stop the MessageWay SFTP Proxy Server.
7) cd to the newly created mwproxy-6.1.0-mr07-linux subdirectory.
8) Install the Maintenance Release by running the install script: ./install.sh
9) Answer the prompts as they appear.
10) Start the MessageWay SFTP Proxy Server.

The Maintenance Release is now installed on the server. A backup copy of every replaced object was saved in the /opt/messageway/proxy/backups subdirectory.

To verify that the Maintenance Release installed properly, view the /opt/messageway/proxy/MWProxyInstall.log file. Additionally, this Maintenance Release Readme file is saved in the subdirectory created in step 4 above for future reference.

( January 5, 2021 ) Issues closed in mwproxy-6.1.0-mr07-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #950 (Program changed: libcrypto.so.1.0.0)

Issue 950: See Important Note about Security Updates for this issue above.

( December 21, 2018 ) Issues closed in mwproxy-6.1.0-mr06-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4416 (Program changed: install.sh)

Issue 4416: Enhance the installation script to install systemctl service files for starting, stopping and obtaining status of MessageWay SFTP Proxy server. Changes: A systemctl service file named mwproxy.service is now installed in /usr/lib/systemd/system if it does not already exist.

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118: See Important Note about Security Updates for this issue above.

( March 31, 2018 ) Issues closed in mwproxy-6.1.0-mr05-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118: See Important Note about Security Updates for this issue above.

( February 28, 2017 ) Issues closed in mwproxy-6.1.0-mr04-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf

MessageWay SFTP Proxy Server - Issue #4246 (Program changed: libcrypto.so.1.0.0)

Issue 4246: See Important Note about Security Updates for this issue above.

( April 13, 2016 ) Issues closed in mwproxy-6.1.0-mr02-linux

IMPORTANT NOTE about Security Updates for this release (Issue-4025, 4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf

MessageWay SFTP Proxy Server - Issue #4025, 4144 (Program changed: libcrypto.so.1.0.0)

Issue 4025, 4144: See Important Note about Security Updates for this issue above.

( May 15, 2015 ) Issues closed in mwftp-6.1.0-mr01

IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.

They address the following higher profile vulnerabilities and many others that can be found in the release notes on the Openssl.org site.

CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not vulnerable to the issue outlined in this CVE report.
CVE-2014-0224, SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.
CVE-2014-3566, POODLE vulnerability, MessageWay no longer supports the SSLv3 protocol for secure sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.

MessageWay SFTP Proxy Server - Issue #3975 (Program changed: libcrypto.so.0.9.8)

Issue 3975: See Important Note about Security Updates for this issue above.

Progress | 1-678-287-0700