MessageWay SFTP Proxy Server Maintenance Release
Maintenance Release Name:
mwproxy-6.1.0-mr07-win32
Release date: January 5, 2021
Prerequisites: MessageWay
SFTP Proxy Server 6.1.0 and MessageWay 6.1.0 mr09
Obsoletes Maintenance Releases (formerly called Hotfixes):
All previous MessageWay Proxy Server 6.1.0 Hotfixes
Files:
This Maintenance Release contains the files listed below:
Files changed in this Maintenance Release
mwproxy-6.1.0-mr07-win32:
| libeay32.dll |
OpenSSL crypto library |
|
mwproxy-6.1.0-mr07-win32_readme.html |
This Readme file |
Files changed in previous Hotfixes and rolled into this
Maintenance Release:
Installing the MessageWay SFTP Proxy Server
Maintenance Release:
1) Download the
Maintenance Release install package sent by Progress.
2) Logon to the
perimeter server as the user that installed the MessageWay Proxy
Server service.
3) Copy the Maintenance Release install package to the
perimeter server and unzip.
4) Step 3 will automatically create a new
subdirectory named after the Maintenance Release install package.
5) Stop the MessageWay Proxy Server
service.
6) Locate and run the install program (mwproxy-6.1.0-mr07-win32.exe)
in the subdirectory structure created in step 3 (...\servers_mrs\windows\).
7) Answer the prompts as they appear.
8) Start the MessageWay Proxy Server service.
The Maintenance
Release is now installed on the server. A backup copy of every replaced object was saved in the \Program Files
(x86)\MessageWay\proxy\backups subdirectory.
To verify that the
Maintenance Release installed properly, view the \Program Files
(x86)\MessageWay\proxy\updates\ChangeLog.txt file. That file is updated
whenever a
Maintenance Release is installed. Additionally, this Maintenance Release Readme file is saved in the
\Program Files
(x86)\MessageWay\proxy\updates subdirectory for future reference.
( January 5, 2021 ) Issues closed in
mwproxy-6.1.0-mr07-win32
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #950 (Program
changed: libeay32.dll)
Issue
950: See Important Note about Security Updates for
this issue above.
( December 21, 2018 ) Issues closed in
mwproxy-6.1.0-mr06-win32
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #4118 (Program
changed: libeay32.dll)
Issue
4118: See Important Note about Security Updates for
this issue above.
( March 31, 2018 ) Issues closed in
mwproxy-6.1.0-mr05-win32
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #4118 (Program
changed: libeay32.dll)
Issue
4118: See Important Note about Security Updates for
this issue above.
( February 28, 2017 ) Issues closed in
mwproxy-6.1.0-mr04-win32
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf
MessageWay SFTP Proxy Server - Issue #4246 (Program
changed: libeay32.dll)
Issue
4246: See Important Note about Security Updates for
this issue above.
(
April 13, 2016
) Issues closed in
mwproxy-6.1.0-mr02-win32
IMPORTANT NOTE about Security Updates for this release (Issue-4025,
4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.
They address many vulnerabilities that can be found in the release notes on
the Openssl.org site.
Specifically, see the following link for further
details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf
MessageWay SFTP Proxy Server - Issue #4025, 4144 (Program
changed: libeay32.dll)
Issue 4025, 4144: See Important Note about Security Updates for
this issue above. ( May 15, 2015 ) Issues
closed in mwftp-6.1.0-mr01
IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.
They address the following higher profile vulnerabilities and many others
that can be found in the release notes on the Openssl.org site.
CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not
vulnerable to the issue outlined in this CVE report.
CVE-2014-0224,
SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to
address this vulnerability.
CVE-2014-3566, POODLE
vulnerability, MessageWay no longer supports the SSLv3 protocol for secure
sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL
0.9.8.ze version contains the updates to address this vulnerability. MessageWay SFTP Proxy Server - Issue #3975 (Program
changed: libeay32.dll)
Issue 3975: See Important Note about Security Updates for
this issue above. |
