Progress Software Corp.
www.progress.com
1-678-287-0700


MessageWay SFTP Proxy Server Maintenance Release

Maintenance Release Name:     mwproxy-6.1.0-mr07-solaris

Release date:    January 5, 2021

Prerequisites:     MessageWay SFTP Proxy Server 6.1.0 and MessageWay 6.1.0 mr09

Obsoletes Maintenance Releases (formerly called Hotfixes):  All previous MessageWay Proxy Server 6.1.0 Hotfixes

Files:
This Maintenance Release contains the files listed below:

  Files changed in this Maintenance Release mwproxy-6.1.0-mr07-solaris:

    libcrypto.so.1.0.0  OpenSSL crypto library
    mwproxy-6.1.0-mr07-solaris_readme.html This Readme file

  Files changed in previous Hotfixes and rolled into this Maintenance Release:

    None  

Installing the MessageWay SFTP Proxy Server Maintenance Release:

1) Download the Maintenance Release install package sent by Progress and unzip.
2) Logon to the perimeter server as "root".
3) Locate the Maintenance Release tarball (mwproxy-6.1.0-mr07-solaris.tgz) in the Maintenance Release install package (...\servers_mrs\solaris\) and copy to the perimeter server.
4) Unzip the Maintenance Release tarball: gunzip mwproxy-6.1.0-mr07-solaris.tgz
5) Untar the resulting Maintenance Release tar file: tar -xzvf mwproxy-6.1.0-mr07-solaris.tar
6) Step 5 will automatically create a new subdirectory named mwproxy-6.1.0-mr07-solaris.
7) Stop the MessageWay SFTP Proxy Server.
8) cd to the newly created mwproxy-6.1.0-mr07-solaris subdirectory.
9) Install the Maintenance Release by running the install script: ./install.sh
10) Answer the prompts as they appear.
11) Start the MessageWay SFTP Proxy Server.

The Maintenance Release is now installed on the server. A backup copy of every replaced object was saved in the /opt/messageway/proxy/backups subdirectory.

To verify that the Maintenance Release installed properly, view the /opt/messageway/proxy/MWProxyInstall.log file. Additionally, this Maintenance Release Readme file is saved in the subdirectory created in step 5 above for future reference.

( January 5, 2021 ) Issues closed in mwproxy-6.1.0-mr07-solaris

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #950 (Program changed: libcrypto.so.1.0.0)

Issue 950: See Important Note about Security Updates for this issue above.

( December 21, 2018 ) Issues closed in mwproxy-6.1.0-mr06-solaris

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118: See Important Note about Security Updates for this issue above.

( March 31, 2018 ) Issues closed in mwproxy-6.1.0-mr05-solaris

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118: See Important Note about Security Updates for this issue above.

( February 28, 2017 ) Issues closed in mwproxy-6.1.0-mr04-solaris

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf

MessageWay SFTP Proxy Server - Issue #4246 (Program changed: libcrypto.so.1.0.0)

Issue 4246: See Important Note about Security Updates for this issue above.

( April 13, 2016 ) Issues closed in mwproxy-6.1.0-mr02-solaris

IMPORTANT NOTE about Security Updates for this release (Issue-4025, 4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf

MessageWay SFTP Proxy Server - Issue #4025, 4144 (Program changed: libcrypto.so.1.0.0)

Issue 4025, 4144: See Important Note about Security Updates for this issue above.

( May 15, 2015 ) Issues closed in mwftp-6.1.0-mr01

IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.

They address the following higher profile vulnerabilities and many others that can be found in the release notes on the Openssl.org site.

CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not vulnerable to the issue outlined in this CVE report.
CVE-2014-0224, SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.
CVE-2014-3566, POODLE vulnerability, MessageWay no longer supports the SSLv3 protocol for secure sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.

MessageWay SFTP Proxy Server - Issue #3975 (Program changed: libcrypto.so.0.9.8)

Issue 3975: See Important Note about Security Updates for this issue above.

 

Progress | 1-678-287-0700