vulnerability in OpenSSL

Advertisement

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,317
Location:
Prague, Czechia

Re: vulnerability in OpenSSL

This bug is tracked here:
https://winscp.net/tracker/1151

We are working on a fix.

Note that OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!

Reply with quote

SikhSuperman
Joined:
Posts:
6

When will 5.5.3 be released with the OpenSSL bug fix? We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?

Thanks
SS

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,317
Location:
Prague, Czechia

SikhSuperman wrote:

When will 5.5.3 be released with the OpenSSL bug fix?
In few days.

We're using 5.5.2 and from my reading the underlying OpenSSL core is 1.0.1f? Can somebody confirm this?
That's correct.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,317
Location:
Prague, Czechia

SikhSuperman wrote:

We're using the SSH feature over sFTP of WinSCP so we should be safe on the 'Heartbleed' bug.
Ref: https://winscp.net/forum/viewtopic.php?t=13736
Correct. OpenSSL is used with FTP over TLS/SSL only. Majority (about 98%) of WinSCP users use SSH (SFTP/SCP) and plain FTP only and are NOT affected!

Reply with quote

Advertisement

You can post new topics in this forum