Progress Software Corp.
www.progress.com
1-678-287-0700


MessageWay SFTP Proxy Server Maintenance Release

Maintenance Release Name:     mwproxy-6.1.0-mr07-win32

Release date:    January 5, 2021

Prerequisites:     MessageWay SFTP Proxy Server 6.1.0 and MessageWay 6.1.0 mr09

Obsoletes Maintenance Releases (formerly called Hotfixes):  All previous MessageWay Proxy Server 6.1.0 Hotfixes

Files:
This Maintenance Release contains the files listed below:

  Files changed in this Maintenance Release mwproxy-6.1.0-mr07-win32:

    libeay32.dll  OpenSSL crypto library
    mwproxy-6.1.0-mr07-win32_readme.html This Readme file

  Files changed in previous Hotfixes and rolled into this Maintenance Release:

    None  

Installing the MessageWay SFTP Proxy Server Maintenance Release:

1) Download the Maintenance Release install package sent by Progress.
2) Logon to the perimeter server as the user that installed the MessageWay Proxy Server service.
3) Copy the Maintenance Release install package to the perimeter server and unzip.
4) Step 3 will automatically create a new subdirectory named after the Maintenance Release install package.
5) Stop the MessageWay Proxy Server service.
6) Locate and run the install program (mwproxy-6.1.0-mr07-win32.exe) in the subdirectory structure created in step 3 (...\servers_mrs\windows\).
7) Answer the prompts as they appear.
8) Start the MessageWay Proxy Server service.

The Maintenance Release is now installed on the server. A backup copy of every replaced object was saved in the \Program Files (x86)\MessageWay\proxy\backups subdirectory.

To verify that the Maintenance Release installed properly, view the \Program Files (x86)\MessageWay\proxy\updates\ChangeLog.txt file.  That file is updated whenever a Maintenance Release is installed.  Additionally, this Maintenance Release Readme file is saved in the
\Program Files (x86)\MessageWay\proxy\updates subdirectory for future reference.

( January 5, 2021 ) Issues closed in mwproxy-6.1.0-mr07-win32

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #950 (Program changed: libeay32.dll)

Issue 950: See Important Note about Security Updates for this issue above.

( December 21, 2018 ) Issues closed in mwproxy-6.1.0-mr06-win32

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libeay32.dll)

Issue 4118: See Important Note about Security Updates for this issue above.

( March 31, 2018 ) Issues closed in mwproxy-6.1.0-mr05-win32

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay SFTP Proxy Server - Issue #4118 (Program changed: libeay32.dll)

Issue 4118: See Important Note about Security Updates for this issue above.

( February 28, 2017 ) Issues closed in mwproxy-6.1.0-mr04-win32

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf

MessageWay SFTP Proxy Server - Issue #4246 (Program changed: libeay32.dll)

Issue 4246: See Important Note about Security Updates for this issue above.

( April 13, 2016 ) Issues closed in mwproxy-6.1.0-mr02-win32

IMPORTANT NOTE about Security Updates for this release (Issue-4025, 4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf

MessageWay SFTP Proxy Server - Issue #4025, 4144 (Program changed: libeay32.dll)

Issue 4025, 4144:
See Important Note about Security Updates for this issue above.

( May 15, 2015 ) Issues closed in mwftp-6.1.0-mr01

IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.

They address the following higher profile vulnerabilities and many others that can be found in the release notes on the Openssl.org site.

CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not vulnerable to the issue outlined in this CVE report.
CVE-2014-0224, SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.
CVE-2014-3566, POODLE vulnerability, MessageWay no longer supports the SSLv3 protocol for secure sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.

MessageWay SFTP Proxy Server - Issue #3975 (Program changed: libeay32.dll)

Issue 3975:
See Important Note about Security Updates for this issue above.

 

Progress | 1-678-287-0700