I have received a couple of emails from users wondering whether proftpd is vulnerable to/affected by the OpenSSL "Heartbleed" bug:
http://heartbleed.com/ Heartbleed is a flaw in the OpenSSL library, occurring to specific versions of OpenSSL (earlier versions did not have this bug, and later versions have it fixed). Because the Heartbleed bug is a bug in the OpenSSL library, applications (like proftpd, specifically the mod_tls module) that use that library are also affected. This is *not* a flaw in proftpd itself; we cannot release any code changes in proftpd to address this problem. Unfortunately, the only recourse is to update your OpenSSL library to a version which is not affected (i.e. has been fixed), or an older OpenSSL library before the flaw was introduced. Some searching on Google will help reveal those versions. TJ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The more we study, the more we discover our ignorance. -Percy Bysshe Shelley ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ ProFTPD Developers List <proftpd-de...@proftpd.org> https://lists.sourceforge.net/lists/listinfo/proftp-devel
