Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

SikhSuperman wrote:

We're using the SSH feature over sFTP of WinSCP so we should be safe on the 'Heartbleed' bug.
Ref: https://winscp.net/forum/viewtopic.php?t=13736

Correct. OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!
martin

SikhSuperman wrote:

When will 5.5.3 be released with the OpenSSL bug fix?

In few days.

We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?

That's correct.
SikhSuperman

When will 5.5.3 be released with the OpenSSL bug fix? We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?

Thanks
SS
martin

Re: vulnerability in OpenSSL

This bug is tracked here:
https://winscp.net/tracker/1151

We are working on a fix.

Note that OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!