We have released a new version of WebCrossing with a security update for OpenSSL.
Updated OpenSSL to version 1.1.1o. Major changes include:
Fixed a bug in the c_rehash script which was not properly sanitising shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands
with the privileges of the script. If you use SSL (https) for your site we recommend always using the latest build. For our hosted customers, we will do the server updates for your site.
If you are a self-hosted customer and have a valid support and maintenance contract, please contact support for access to the latest WebCrossing build. If your support and maintenance contract has expired, please contact us to renew so we can provide you with this update.
The latest build is now WebCrossing 6.4-bc8e02d 2022-06-20.