We always try to keep on top of security upgrades. This build upgrades the OpenSSL library to the latest version.
To be geeky about it, this build (1) Fixed an SM2 Decryption Buffer Overflow [CVE-2021-3711]. A malicious attacker could possibly change server behaviour or cause the server to crash. (2) Fixed various read buffer overruns processing ASN.1 strings [CVE-2021-3712]. A malicious actor could cause an application to crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext).
We recommend this upgrade for all sites.
The latest release version is now WebCrossing 6.4-29a2552 2021-09-05.
All self-hosted customers with valid support and maintenance contracts can download this new version at no cost.
If you are a self-hosted customer and have a valid support and maintenance contract, please contact support for access to the new server. If your support and maintenance contract has expired, please contact us to renew so we can provide you with this important update.